Splunk Enterprise Security

Community Activity
mkhedr
I am supposed to give training for this course "Using Enterprise Security", where can I get an official powerpoint s...
by mkhedr Explorer in Splunk Enterprise Security 06-08-2019
0 2
cdupuis123
1st time configuring a feed in the Splunk App for Enterprise Security and I'm spinning my wheels. HELP  I have the...
by cdupuis123 Path Finder in Splunk Enterprise Security 06-07-2019
3 21
hungheo
Hi everyone, I am a newbie in Splunk. Now I need to do a network diagram in Glass Tables but I don't know exactly the me...
by hungheo New Member in Splunk Enterprise Security 06-07-2019
0 1
rupalekar
I am trying to send data from Splunk ES to Phantom. Version is 7.2.6. After downloading Phantom app from Splunk, with...
by rupalekar Explorer in Splunk Enterprise Security 06-06-2019
0 1
CSmoke
When viewing notable events on the Incident Review Dashboard, there is a link named Correlation Search. The link open...
by CSmoke Path Finder in Splunk Enterprise Security 06-05-2019
0 4
mailmetoramu
Hi all, Can anyone let me know the difference between Splunk Enterprise & Splunk Enterprise Security? Are they both ...
by mailmetoramu Explorer in Splunk Enterprise Security 06-04-2019
0 16
sonny_monti
I want to use a ML toolkit trained model in Enterprise security. To do this I want to use the "apply" command in a ...
by sonny_monti Path Finder in Splunk Enterprise Security 06-04-2019
0 2
chrispounds
Hi all, I've been looking up information about joins etc., but can't seem to get mine to output so I'm wondering if ...
by chrispounds Explorer in Splunk Enterprise Security 06-04-2019
0 9
thomasbader
Have external threat lists to download. With them it is required to send a customized Authorization header. And no, i...
by thomasbader Engager in Splunk Enterprise Security 06-03-2019
1 3
mamrk29
I have a URL that I want to get IoCs from. In the audit, it says that the file has been downloaded successfully- but...
by mamrk29 New Member in Splunk Enterprise Security 06-03-2019
0 0
splunk_zen
Need some clarification regarding enabling "Accelerate until maximum time" according to the docs "When selected, r...
by splunk_zen Builder in Splunk Enterprise Security 06-03-2019
0 6
nb1030
We have the Bro add-on installed and everything is being parsed into the proper fields. The Bro DNS logs (sourcetype=...
by nb1030 New Member in Splunk Enterprise Security 06-02-2019
0 2
lxm30
I have two fields and if field1 is empty, I want to use the value in field2. (i.e. I never want to use field2 unless ...
by lxm30 New Member in Splunk Enterprise Security 05-31-2019
0 3
regriffith
I need to extract various fields if they exist. CN, C, S, O, OU, Here is a sample data of five different events. P...
by regriffith Path Finder in Splunk Enterprise Security 05-30-2019
0 8
jolinchew
I try to find PDF documentation for Cyber-security hunting guide, I try below documentation link: https://docs.splun...
by jolinchew New Member in Splunk Enterprise Security 05-28-2019
0 3
shravankumarkus
I want to get contributing events for a particular notable event programmatically. Is there any way that we can get from ...
by shravankumarkus New Member in Splunk Enterprise Security 05-27-2019
0 4
hoandh
Hi all, When I config assets in SplunkES, I have a problem which concerns field pci_domain. I have read the document...
by hoandh New Member in Splunk Enterprise Security 05-27-2019
0 7
rashid47010
I am seeing some interesting information from Cisco logs. for example, user name, hostname name, mac address, locatio...
by rashid47010 Communicator in Splunk Enterprise Security 05-27-2019
0 2
singhvishakha29
Hi All, For the Cloudtrail logs, this is the last logs in splunkd logfile. 05-22-2019 08:15:02.624 +0000 INFO In...
by singhvishakha29 Engager in Splunk Enterprise Security 05-27-2019
0 0
simon_lavigne
Is it possible to import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials? I want to b...
by simon_lavigne Path Finder in Splunk Enterprise Security 05-26-2019
0 10
singhvishakha29
Hi All, I would like to know about the process to update the CIM. I am currently getting the following errors: Splu...
by singhvishakha29 Engager in Splunk Enterprise Security 05-24-2019
0 1
harishbenne2
I have 2 indexes that have 2 different parts of same data. One index contains http connection details and another con...
by harishbenne2 Explorer in Splunk Enterprise Security 05-23-2019
0 8
tjgamez
Hi all, I am new to Splunk and am still trying to figure out everything one step at a time. I have an issue where th...
by tjgamez New Member in Splunk Enterprise Security 05-23-2019
0 3
adam_dixon95
Hi, I'm looking at enabling the 'DNS Query Requests Resolved by Unauthorized DNS Servers' rule in Splunk ES - Unfort...
by adam_dixon95 Explorer in Splunk Enterprise Security 05-23-2019
0 1
TetchyTech
We have our Splunk - Resilient integration mostly working and wanted to add a script in Resilient to update the statu...
by TetchyTech New Member in Splunk Enterprise Security 05-22-2019
0 0