Splunk Enterprise Security

Community Activity
sonny_monti
I want to use a ML toolkit trained model in Enterprise security. To do this I want to use the "apply" command in a ...
by sonny_monti Path Finder in Splunk Enterprise Security 06-04-2019
0 2
chrispounds
Hi all, I've been looking up information about Joins etc., but can't seem to get mine to output so I'm wondering if ...
by chrispounds Explorer in Splunk Enterprise Security 06-04-2019
0 9
thomasbader
Have external threat lists to download. With them it is required to send a customized Authorization header. And no, i...
by thomasbader Engager in Splunk Enterprise Security 06-03-2019
1 3
mamrk29
I have a URL that I want to get IoCs from. In the audit, it says that the file has been downloaded successfully- but...
by mamrk29 New Member in Splunk Enterprise Security 06-03-2019
0 0
splunk_zen
Need some clarification regarding enabling "Accelerate until maximum time" according to the docs "When selected, r...
by splunk_zen Builder in Splunk Enterprise Security 06-03-2019
0 6
nb1030
We have the Bro add-on installed and everything is being parsed into the proper fields. The Bro DNS logs (sourcetype=...
by nb1030 New Member in Splunk Enterprise Security 06-02-2019
0 2
lxm30
I have two fields and if field1 is empty, I want to use the value in field2. (i.e. I never want to use field2 unless ...
by lxm30 New Member in Splunk Enterprise Security 05-31-2019
0 3
regriffith
I need to extract various fields if they exist. CN, C, S, O, OU, Here is a sample data of five different events. P...
by regriffith Path Finder in Splunk Enterprise Security 05-30-2019
0 8
jolinchew
I try to find PDF documentation for Cyber-security hunting guide, I try below documentation link: https://docs.splun...
by jolinchew New Member in Splunk Enterprise Security 05-28-2019
0 3
shravankumarkus
I want to get contributing events for a particular notable event programmatically. Is there any way that we can get from ...
by shravankumarkus New Member in Splunk Enterprise Security 05-27-2019
0 4
hoandh
Hi all, When I config assets in SplunkES, I have a problem which concerns field pci_domain. I have read the document...
by hoandh New Member in Splunk Enterprise Security 05-27-2019
0 7
rashid47010
I am seeing some interesting information from Cisco logs. For example, user name, hostname name, mac address, locatio...
by rashid47010 Communicator in Splunk Enterprise Security 05-27-2019
0 2
singhvishakha29
Hi All, For the Cloudtrail logs, this is the last logs in splunkd logfile. 05-22-2019 08:15:02.624 +0000 INFO In...
by singhvishakha29 Engager in Splunk Enterprise Security 05-27-2019
0 0
simon_lavigne
Is it possible to import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials? I want to b...
by simon_lavigne Path Finder in Splunk Enterprise Security 05-26-2019
0 10
singhvishakha29
Hi All, I would like to know about the process to update the CIM. I am currently getting the following errors: Splu...
by singhvishakha29 Engager in Splunk Enterprise Security 05-24-2019
0 1
harishbenne2
I have 2 indexes that have 2 different parts of same data. One index contains http connection details and another con...
by harishbenne2 Explorer in Splunk Enterprise Security 05-23-2019
0 8
tjgamez
Hi all, I am new to Splunk and am still trying to figure out everything one step at a time. I have an issue where th...
by tjgamez New Member in Splunk Enterprise Security 05-23-2019
0 3
adam_dixon95
Hi, I'm looking at enabling the 'DNS Query Requests Resolved by Unauthorized DNS Servers' rule in Splunk ES - Unfort...
by adam_dixon95 Explorer in Splunk Enterprise Security 05-23-2019
0 1
TetchyTech
We have our Splunk - Resilient integration mostly working and wanted to add a script in Resilient to update the statu...
by TetchyTech New Member in Splunk Enterprise Security 05-22-2019
0 0
nnimbe1
Hi All, Can we translate our plain English queries to Search Processing Language i.e. SPL, does Splunk provide any f...
by nnimbe1 Path Finder in Splunk Enterprise Security 05-22-2019
0 2
SMWickman
I'm looking to add an input lookup to a tstats Datamodel correlation search within Splunk Enterprise Security to tune...
by SMWickman Explorer in Splunk Enterprise Security 05-21-2019
0 0
pcnitk
We are getting special characters in Splunk raw message which is impacting downstream parsing. Can you suggest ways ...
by pcnitk New Member in Splunk Enterprise Security 05-20-2019
0 1
swright_rl
Hi, I'm trying to make a whitelist for encoded commands which IT Support use and I'm having a problem getting an inp...
by swright_rl Explorer in Splunk Enterprise Security 05-20-2019
0 2
Oracle
Hi Guys, Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the is...
by Oracle Explorer in Splunk Enterprise Security 05-19-2019
0 2
richardphung
We are using ES with a datamodel that has the base constraint: (`cim_Malware_indexes`) tag=malware tag=attack ...
by richardphung Communicator in Splunk Enterprise Security 05-18-2019
0 15