Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Is there a way to create custom use case categories within ES?

Hello, Is there a way to create custom use case categories within the use case library for ES? The out-of-the-box ...

by Explorer in

Adding to 'Additional Fields' In Incident Review

Hi, I'm trying to see if there's a way to add additional/custom fields in Incident Review. Is there much room f...

by Explorer in

ES: How to edit "Description" under Incident Review?

Hi, My folks from cybersecurity wishes to display the epoch time under Description to human readable time. I can't...

by Builder in

Splunk ES Adaptive Response Actions not populating.

while Editing the correlation search Adaptive Response Actions dropdown is not populating which has notable event act...

by Explorer in

ess_admin role issues

Hello, I have a splunk cloud managed deployment which has ES installed on it. First thing is that my user has on...

by Contributor in

Single value delta in glass tables ES showing up as N/A but drilling down shows results

I'm having an issue where building a glass table in ES for a single value delta ad-hoc search is showing up as N/A, b...

by Explorer in

How to install UF on servers that installed from an Image server?

Hi, We have a Citrix farm used for browsing by our Call center agents. The Terminal servers are reinstalled autom...

by Path Finder in

Performaing a secondary search based on the results of the conditional base search when creating custom Dashboards.

I have a drop-down menu with all of the rule names that appear in the events. Some of those have been mapped in a loo...

by Explorer in

Why does the search specifies a macro 'fidelis_get_xps_event' cannot be found?

In our environment we have 3 separate non-distributed search heads and a 3-clustered indexers. When I try running the...

by Engager in

Is it possible to optimize hyperparameters in MLTK?

Hi I am using MLTK for anomaly detection. So I am benchmarking algorithms. I was wondering if it is possible to op...

by Communicator in

Is it possible to count the number of values in a field by another field without stats?

I have a search where I am trying to determine if a sender is a threat based on several different events that are add...

by Explorer in

When I integrate with nessus I get [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed"

When I integrate with nessus I get [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" I did the below but...

by New Member in

creating an index accessible to only one Splunk role .

I want to create an index which will have sensitive data and want it to be accessible by only admin team and security...

by Explorer in

Why am I unable to save correlation searches through Splunk Enterprise Security in the context of any custom app?

I cannot save correlation searches through Splunk Enterprise Security in the context of any custom app. After going t...

by Engager in

Why is Check Point OPSEC LEA is parsing out dst to src and src to dst?

In the logs for "New Anti Virus", the logs contain a "dst=" and "src=" field. For some logs, it is placing the "dst="...

by New Member in

Splunk Add on for PA - incorrect tagging of Network sessions

** This is not a question, but adding this info for awareness for people using PA and CIM ** The default/tags.conf...

by Influencer in

exclude ip_intel feeds from Threat activity detected correlation search

Threat activity detected correlation rule is too noisy because of IP_intel feeds. How can we exclude them.

by Communicator in

Alert title unable to be found

I am attempting to find alerts that where set by previous employees. Even after looking at all alerts and enabled ale...

by New Member in

reboot splunk instance after OS patching

link text We patch our OS last week and OS admin advise us to reboto the Indexers once. we have multistie scenerio...

by Communicator in

How to find a Missing Lookup

I am new to the Splunk admin role and am having troubles with some errors. When a search is conducting I can see erro...

by Path Finder in

return events after searching another index

Hi, Whats the best way to return events from a search after also checking they're not contained within another ind...

by Path Finder in