Splunk Enterprise Security

Community Activity
splinks
Hi, Is it possible to prepopulate an adaptive response action's form from the notable event? Let's say my notable e...
by splinks Explorer in Splunk Enterprise Security 06-18-2019
1 3
vinayakwagh
what is the solution for DR where ES app is in Sh cluster?
by vinayakwagh Explorer in Splunk Enterprise Security 06-18-2019
0 1
gigibit92
I found the log in plain text on my device during the test, can I add a custom write and custom read feature with an ...
by gigibit92 New Member in Splunk Enterprise Security 06-18-2019
0 0
sahiltcs
We are looking for query to detect Splunk queries without business justification and also random validation of busine...
by sahiltcs Path Finder in Splunk Enterprise Security 06-15-2019
0 5
Azerty728
Hello, I'm using Splunk 7.2.6 and ES 5.2.2 (on a SHC) and I want to upgrade ES to 5.3 on this SHC environment. Acco...
by Azerty728 Path Finder in Splunk Enterprise Security 06-14-2019
0 5
kirankos
hi After installing Enterprise Security, 4.7.6, we are constantly getting error in the console msg="A script exite...
by kirankos Engager in Splunk Enterprise Security 06-13-2019
0 1
jbrocks
Hello everybody, we have a problem sending notable events from Splunk ES as an email. Email notification works fine ...
by jbrocks Communicator in Splunk Enterprise Security 06-12-2019
0 0
rupalekar
Hi Has anyone run into issues connecting "to" Splunk "From" Phantom App? I have tried 443 and 8089 I keep getting ...
by rupalekar Explorer in Splunk Enterprise Security 06-11-2019
1 2
rishrai
I am looking to upgrade the following and the approach below. My question is this upgrade optimal and will sustain? ...
by rishrai New Member in Splunk Enterprise Security 06-11-2019
0 4
akostiner123194
Here is my SPL, what am I doing wrong? |tstats count from datamodel=Authentication where ([|inputlookup threatconnec...
by akostiner123194 New Member in Splunk Enterprise Security 06-11-2019
0 1
nb1030
I looked around, but could not find anyone asking this question specifically. Basically, when a notable event trigger...
by nb1030 New Member in Splunk Enterprise Security 06-11-2019
0 2
spectrum2035
Hello, Currently we have Single Search Head Cluster with Enterprise Security and single Indexer Cluster. As part of ...
by spectrum2035 Explorer in Splunk Enterprise Security 06-11-2019
0 3
mkhedr
am about to register for Using Enterprise Security but i would like to make sure if am going to receive an official m...
by mkhedr Explorer in Splunk Enterprise Security 06-11-2019
0 1
dgillette3
This Enterprise Security correlation search "Anomalous Audit Trail Activity Detected" is generating a whole bunch of ...
by dgillette3 Explorer in Splunk Enterprise Security 06-10-2019
0 0
spectrum2035
Currently we are having Splunk CIM 4.11.0 and we would like to upgrade it to Splunk 4.13.0 (to add new Endpoint data ...
by spectrum2035 Explorer in Splunk Enterprise Security 06-10-2019
0 2
rupalekar
Hi For some reason none of my playbooks finish executing. They simply stay in a loop Even if it is a simple test li...
by rupalekar Explorer in Splunk Enterprise Security 06-10-2019
0 1
andreibanaru
We have two search heads: - First is used with Enterprise Security with CIM installed and acceleration enabled on som...
by andreibanaru Explorer in Splunk Enterprise Security 06-09-2019
0 1
mbarbaro
Hello, i would like to see the Events associated to this source "Change - Abnormally High Number of Endpoint Changes...
by mbarbaro Path Finder in Splunk Enterprise Security 06-08-2019
0 1
mkhedr
I am supposed to give training for this course "Using Enterprise Security", where can I get an official powerpoint s...
by mkhedr Explorer in Splunk Enterprise Security 06-08-2019
0 2
cdupuis123
1st time configuring a feed in the Splunk App for Enterprise Security and I'm spinning my wheels. HELP  I have the...
by cdupuis123 Path Finder in Splunk Enterprise Security 06-07-2019
3 21
hungheo
Hi everyone, I am newbie in Splunk. Now I need do a network Diagram in Glass Tables but I don't know exactly the me...
by hungheo New Member in Splunk Enterprise Security 06-07-2019
0 1
rupalekar
I am trying to send data from Splunk ES to Phantom Version is 7.2.6 After downloading Phantom app from Splunk, with...
by rupalekar Explorer in Splunk Enterprise Security 06-06-2019
0 1
CSmoke
When viewing notable events on the Incident Review Dashboard, there is a link named Correlation Search. The link open...
by CSmoke Path Finder in Splunk Enterprise Security 06-05-2019
0 4
mailmetoramu
Hi all, Can anyone let me know the difference between Splunk Enterprise & Splunk Enterprise Security? Are they both ...
by mailmetoramu Explorer in Splunk Enterprise Security 06-04-2019
0 16
sonny_monti
I want to use a ML toolkit trained model in Enterprise security. To do this I want to use the "apply" command in a ...
by sonny_monti Path Finder in Splunk Enterprise Security 06-04-2019
0 2