Splunk Enterprise Security

Thread Info

How to rename column name when using "chart count over by" command

i written a query and need to change the output name of one the table column ....| chart count over sourceIP by St...

by New Member in

No Notables created but correlation searches are working manually

till few afters before all my notables were working properly. I made changes in XML file of default.xml on navigation...

by New Member in

Adding an ID number to ES investigations

Is there a way to automagically add a unique ID number to each investigation that is opened?

by Communicator in

How to add a view to Enterprise Security?

I am trying to add a view to Enterprise Security by going to Configure > General > Navigation. Here I am able to crea...

by Path Finder in

Can someone help me understand this event from Splunk ES ?

I have these events on Splunk ES security posture dashboard and need help in understand how the detection for this on...

by Communicator in

How to set up a custom search/alert to track when Windows event log service start/stop for Windows Server 2008+?

Just wanted to put this out there to the universe... Has anyone set up a custom search/alert to track when the Window...

by Engager in

XML Error - Read Timeout while accessing SPLUNK on browser

I have recently modified my navigation menu XML through splunk user interface. Now when i refresh the splunk insta...

by New Member in

dest=unknown in ES

We are having an issue with our Splunk ES instance where notables that have dest = unknown, all show up in our ESS In...

by Communicator in

add key indicators into custom dashboard

how can I add existing key indicator to my new dashboard. I want to add malware key indicator to my custom dashboard.

by Communicator in

Splunk SIEM Application

Hi All, We are using Splunk Enterprise, During server cleaning, We found out that Splunk Enterprise security is a...

by Path Finder in

Keep specific events and discard the rest

Hello I want to index the events in the firewalls log based in the alert level and the virtual domain in witch they h...

by Path Finder in

Update default/props.conf with TA-eStreamer

Hello @douglashurd - Could you pls review default/props.conf as its reusing same name [FIELDALIAS-eStreamer_category]...

by Influencer in

Threat Intelligence feeds

Hi, I upload custom threat intelligence file named customthreat containing file_name, description,url the threat a...

by Communicator in

Threat intel not being added

Ever since the upgrade to ES 5.3.0 the ip_intel lookup doesn't seem to be getting filled anymore and there aren't any...

by Path Finder in

In incident review tab analyst comments getting truncated

when we are adding comments to notable it get indexed but some times the comment is getting truncated.

by Explorer in

Is there a way to create custom use case categories within ES?

Hello, Is there a way to create custom use case categories within the use case library for ES? The out-of-the-box ...

by Explorer in

Adding to 'Additional Fields' In Incident Review

Hi, I'm trying to see if there's a way to add additional/custom fields in Incident Review. Is there much room f...

by Explorer in

ES: How to edit "Description" under Incident Review?

Hi, My folks from cybersecurity wishes to display the epoch time under Description to human readable time. I can't...

by Builder in

Splunk ES Adaptive Response Actions not populating.

while Editing the correlation search Adaptive Response Actions dropdown is not populating which has notable event act...

by Explorer in

ess_admin role issues

Hello, I have a splunk cloud managed deployment which has ES installed on it. First thing is that my user has on...

by Contributor in

Single value delta in glass tables ES showing up as N/A but drilling down shows results

I'm having an issue where building a glass table in ES for a single value delta ad-hoc search is showing up as N/A, b...

by Explorer in

How to install UF on servers that installed from an Image server?

Hi, We have a Citrix farm used for browsing by our Call center agents. The Terminal servers are reinstalled autom...

by Path Finder in

Performaing a secondary search based on the results of the conditional base search when creating custom Dashboards.

I have a drop-down menu with all of the rule names that appear in the events. Some of those have been mapped in a loo...

by Explorer in

Why does the search specifies a macro 'fidelis_get_xps_event' cannot be found?

In our environment we have 3 separate non-distributed search heads and a 3-clustered indexers. When I try running the...

by Engager in

Is it possible to optimize hyperparameters in MLTK?

Hi I am using MLTK for anomaly detection. So I am benchmarking algorithms. I was wondering if it is possible to op...

by Communicator in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

How to rename column name when using "chart count over by" command

No Notables created but correlation searches are working manually

Adding an ID number to ES investigations

How to add a view to Enterprise Security?

Can someone help me understand this event from Splunk ES ?

How to set up a custom search/alert to track when Windows event log service start/stop for Windows Server 2008+?

XML Error - Read Timeout while accessing SPLUNK on browser

dest=unknown in ES

add key indicators into custom dashboard

Splunk SIEM Application

Keep specific events and discard the rest

Update default/props.conf with TA-eStreamer

Threat Intelligence feeds

Threat intel not being added

In incident review tab analyst comments getting truncated

Is there a way to create custom use case categories within ES?

Adding to 'Additional Fields' In Incident Review

ES: How to edit "Description" under Incident Review?

Splunk ES Adaptive Response Actions not populating.

ess_admin role issues

Single value delta in glass tables ES showing up as N/A but drilling down shows results

How to install UF on servers that installed from an Image server?

Performaing a secondary search based on the results of the conditional base search when creating custom Dashboards.

Why does the search specifies a macro 'fidelis_get_xps_event' cannot be found?

Is it possible to optimize hyperparameters in MLTK?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code