Splunk Enterprise Security

Thread Info

Correlation search - Stream events

I'll start with the goal of what I am trying to accomplish first. I'd like to be able to detect any source sending da...

by Path Finder in

Dynamically populate search dashboard after transaction

Hello, I'm trying to create a dashboard for our email logs, that allows a user to input fields like sender, recipi...

by Engager in

Removing 1 IP from a threat Intel list without removing the entire list?

We are using Splunk es. We started porting list into the threat intel feeds. Our analyst wants to remove a single IP ...

by Engager in

No Notables is getting generated however i can get the results when correlation searches are run mannually

Since morning i am observing my notables are not getting created. I can see the Notable names in Security posture but...

by New Member in

splunk cloud es notable index empty

Hello Splunkers we have splunk managed cloud ES and i have enabled all correlation searches as per doc the way we do ...

by Path Finder in

How to extract email addresses from URLs using regex?

I have URL's that contain email addresses that I would like to extract via rex into an email field: SAMPLE RAW: ...

by Explorer in

Splunk ES - Troubleshooting Web Data Model

We have ES up and running and I'm starting to review the various Security Domains and relevant dashboards/reports. ...

by Influencer in

Add-on for Microsoft Sysmon

Hello, The add-on for MS sysmon developed by Dave Herrald has been tested for Sysmon version 8.0 as per the link, ...

by New Member in

How to search to see if a value in the description field is greater than a certain number?

We have connected Duo Security with Splunk in order to track certain aspects of our security performance. To make thi...

by Explorer in

issue : unable to see how to hide password in S3 example script

Hi , I am new and trying to write setup page through modular input where we need to communicate with server .for user...

by New Member in

Disable info page without authentication

Hi, Please let me know what is possible way to disable info page (en-US/info) without authentication as it showing...

by New Member in

How to create investigations in ES 5.2.2?

Hi all, So i have added the edit_timeline role to a user and they can create an investigation, but after you clic...

by Explorer in

Identifying events that originate greater than 50 miles from a lon\lat.

Hello, We have multiple international locations (Japan, Italy, Spain ect...) and are looking to identify events th...

by New Member in

All WSA logs are being tagged as Attack and Malware

I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic. It seems...

by Engager in

How to install splunk app through Linux terminal?

I am just confused to install Splunk app (truStar) via terminal, please don't tell me to download and upload via Splu...

by Path Finder in

How to rename column name when using "chart count over by" command

i written a query and need to change the output name of one the table column ....| chart count over sourceIP by St...

by New Member in

No Notables created but correlation searches are working manually

till few afters before all my notables were working properly. I made changes in XML file of default.xml on navigation...

by New Member in

Adding an ID number to ES investigations

Is there a way to automagically add a unique ID number to each investigation that is opened?

by Communicator in

How to add a view to Enterprise Security?

I am trying to add a view to Enterprise Security by going to Configure > General > Navigation. Here I am able to crea...

by Path Finder in

Can someone help me understand this event from Splunk ES ?

I have these events on Splunk ES security posture dashboard and need help in understand how the detection for this on...

by Communicator in

How to set up a custom search/alert to track when Windows event log service start/stop for Windows Server 2008+?

Just wanted to put this out there to the universe... Has anyone set up a custom search/alert to track when the Window...

by Engager in

XML Error - Read Timeout while accessing SPLUNK on browser

I have recently modified my navigation menu XML through splunk user interface. Now when i refresh the splunk insta...

by New Member in

dest=unknown in ES

We are having an issue with our Splunk ES instance where notables that have dest = unknown, all show up in our ESS In...

by Communicator in

add key indicators into custom dashboard

how can I add existing key indicator to my new dashboard. I want to add malware key indicator to my custom dashboard.

by Communicator in

Splunk SIEM Application

Hi All, We are using Splunk Enterprise, During server cleaning, We found out that Splunk Enterprise security is a...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Correlation search - Stream events

Dynamically populate search dashboard after transaction

Removing 1 IP from a threat Intel list without removing the entire list?

No Notables is getting generated however i can get the results when correlation searches are run mannually

splunk cloud es notable index empty

How to extract email addresses from URLs using regex?

Splunk ES - Troubleshooting Web Data Model

Add-on for Microsoft Sysmon

How to search to see if a value in the description field is greater than a certain number?

issue : unable to see how to hide password in S3 example script

Disable info page without authentication

How to create investigations in ES 5.2.2?

Identifying events that originate greater than 50 miles from a lon\lat.

All WSA logs are being tagged as Attack and Malware

How to install splunk app through Linux terminal?

How to rename column name when using "chart count over by" command

No Notables created but correlation searches are working manually

Adding an ID number to ES investigations

How to add a view to Enterprise Security?

Can someone help me understand this event from Splunk ES ?

How to set up a custom search/alert to track when Windows event log service start/stop for Windows Server 2008+?

XML Error - Read Timeout while accessing SPLUNK on browser

dest=unknown in ES

add key indicators into custom dashboard

Splunk SIEM Application

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions