Splunk Enterprise Security

Discussions

Thread Info

How to get syslog from a unpopular firewall ?There is no add-on or app support for it in splunkbase.

Hello guys： I'm going to get log from my firewall ，in order to see more firewall information in my splunk enterpri...

by New Member in

In Splunk Enterprise Security, how do you rename the auto-discovered fields?

Is it possible to rename auto-discovered fields? I can't seem to find a way to do this. I tried adding events to a da...

by Explorer in

Splunk ES dashboard link within Drilldown Search box of correlation event?

I was just wondering if anyone has figured out the correct syntax to use so you could click on a correlation search '...

by New Member in

How come my fields are not showing in additional field under incident review in Splunk Enterprise Security?

My fields are not showing in additional field under incident review in Splunk. I want to take results obtained from t...

by New Member in

Metrics definition errors in the add-on - is fix available in future version?

The latest add-on 4.6.0 installed on splunk 7.1.3, when restarted throws an the following error: Any plans to fix the...

by Influencer in

pass field value in search as an argument to be used in a macro

Hi, I am trying to figure out how to pass a field value in the search to a macro which interprets it and does furt...

by Explorer in

How to reinstall removed DA-ESS-ThreatIntelligence

mistaken I remove Enterprise App named DA-ESS-ThreatIntelligence. how how can I download this and integrate it wit...

by Communicator in

How do you use Splunk Enterprise Security to prevent password spraying and guessing?

Hello, I am looking for a query based on my below scenario use case : user passwords shall comply with minimum com...

by Path Finder in

Transactioned Orphaned Events

Hi Everyone, I'm building / improving one of the alerts which we use to detect when a event log has been turned of...

by Explorer in

datamodel - dedup count

This in regards to vulnerability center from Qualys issue - the datamodel gets updated every 24hrs (this cant chan...

by New Member in

When creating ES rules I get this error - "Search could not be updated: Argument "schedule_priority" is not supported by this handler."

I cannot find any literature on it or an explanation. Does anybody recognize this and know how to remedy?

by New Member in

How can I achieve Risk Model Through Splunk?

I have different devices for Perimeter Security, Endpoint Security, Access Security and Email Security. Pls let me kn...

by New Member in

How to pull the data from Splunk Security Incident Review Description column?

I am trying to pull all the information from Splunk Security Incident Review Description column. Please see the at...

by Path Finder in

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, ServiceNow) via API

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, Service...

by Path Finder in

How do I get the alert actions from splunk_ta_snow to be active as adaptive responses in Enterprise Security

Hi. It seems like the alert_actions defines in splunk_ta_snow misses param._cam parms, so they don't show up, as a...

by Contributor in

Using the eval command, how do you calculate the time difference between two events WHERE the status value is different?

Hi, There's probably a better function to use for this, but I think it could be done with an eval and where (I thi...

by Path Finder in

how to customize drilldown action

Under the noteable event view, for each field ther is action, I want to add "got to virustotal $src$" field for src(i...

by Communicator in

Correlate two search results.

Hello, I have a two queries from two DM (Authentication and Change-Analysis). Task: Basically, I need to exclud...

by New Member in

Splunk ES - Configuration Errors on Splunk UI

We noticed Configuration Errors on Splunk UI, Investigated the errors and this is from the rules. No changes made to ...

by Splunk Employee in

Splunk Enterprise Security - SA-IdentitiyManagement - inputs.conf - master_host attribute value

What should be the value of master_host attribute in inputs.conf for SA-IdentitityManagement add-on? In my Splunk Ent...

by Explorer in

Splunk Enterprise Security: Unable to save Input stanza for lookup source

We are implementing the Splunk ES in our environment, when I try to save input stanza for lookup source under Configu...

by Explorer in

notables relation with device events

Is there any way that a notable is linked to the events that generated it?

by Explorer in

Enterprise Security Identity Correlation - merging of identities

Hi all, I have a problem understanding how ES Identity Correlation merges identities together. Example: I have ...

by Motivator in

How does Splunk Enterprise Security work?

hello I want to understand the concept of how Splunk security works. I think that it has a database of signatures...

by Path Finder in

Percent problems

Hi, Struggling to get the percentage to work properly... I have 3 fields; Open, Closed and New. I want to r...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to get syslog from a unpopular firewall ?There is no add-on or app support for it in splunkbase.

In Splunk Enterprise Security, how do you rename the auto-discovered fields?

Splunk ES dashboard link within Drilldown Search box of correlation event?

How come my fields are not showing in additional field under incident review in Splunk Enterprise Security?

Metrics definition errors in the add-on - is fix available in future version?

pass field value in search as an argument to be used in a macro

How to reinstall removed DA-ESS-ThreatIntelligence

How do you use Splunk Enterprise Security to prevent password spraying and guessing?

Transactioned Orphaned Events

datamodel - dedup count

When creating ES rules I get this error - "Search could not be updated: Argument "schedule_priority" is not supported by this handler."

How can I achieve Risk Model Through Splunk?

How to pull the data from Splunk Security Incident Review Description column?

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, ServiceNow) via API

How do I get the alert actions from splunk_ta_snow to be active as adaptive responses in Enterprise Security

Using the eval command, how do you calculate the time difference between two events WHERE the status value is different?

how to customize drilldown action

Correlate two search results.

Splunk ES - Configuration Errors on Splunk UI

Splunk Enterprise Security - SA-IdentitiyManagement - inputs.conf - master_host attribute value

Splunk Enterprise Security: Unable to save Input stanza for lookup source

notables relation with device events

Enterprise Security Identity Correlation - merging of identities

How does Splunk Enterprise Security work?

Percent problems

Preparing your Splunk Environment for OpenSSL3

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Saved Search in Source Code

Error in 'script': Getinfo probe failed for extern...

Adding comment (link) to Next Steps (In an alert u...

Adding another peer to SH to be used for Enterpris...

Free Training Online Classes