Splunk Enterprise Security

Community Activity
brian1_tate
Myron, Thank you for taking the time to put into this TA. It appears to be really useful with the way that Meraki ...
by brian1_tate Path Finder in Splunk Enterprise Security 05-06-2019
0 4
arorayo
Team, I am trying to set up a use case to detect if a local admin account has been used to log on to a system, w...
by arorayo New Member in Splunk Enterprise Security 05-06-2019
0 2
adam_dixon95
Hi, I have the following search in an ES dashboard panel to order incidents throughout the month by severity in a ba...
by adam_dixon95 Explorer in Splunk Enterprise Security 05-06-2019
1 1
TheSplunkDude
I’m trying to populate my users with the following query. One of the issues I have is certain users don’t have the ma...
by TheSplunkDude Explorer in Splunk Enterprise Security 05-06-2019
0 0
jwalzerpitt
I created an alias for the X_MS_Forwarded_Client_IP (ADFS events) to equal to src. The X_MS_Forwarded_Client_IP is a ...
by jwalzerpitt Influencer in Splunk Enterprise Security 05-06-2019
0 2
Crashfry
I'll start with the goal of what I am trying to accomplish first. I'd like to be able to detect any source sending da...
by Crashfry Path Finder in Splunk Enterprise Security 05-06-2019
0 2
benthehen100
Hello, I'm trying to create a dashboard for our email logs, that allows a user to input fields like sender, recipien...
by benthehen100 Engager in Splunk Enterprise Security 05-03-2019
0 0
Alspeedo
We are using Splunk ES. We started porting list into the threat intel feeds. Our analyst wants to remove a single IP ...
by Alspeedo Engager in Splunk Enterprise Security 05-03-2019
1 1
saurabhsumangat
Since morning I am observing my notables are not getting created. I can see the Notable names in Security posture but...
by saurabhsumangat New Member in Splunk Enterprise Security 05-02-2019
0 8
Splunk_rocks
Hello Splunkers, we have Splunk managed cloud ES and I have enabled all correlation searches as per doc the way we do ...
by Splunk_rocks Path Finder in Splunk Enterprise Security 05-01-2019
0 1
dsmeerkat
I have URLs that contain email addresses that I would like to extract via rex into an email field: SAMPLE RAW: mac...
by dsmeerkat Explorer in Splunk Enterprise Security 05-01-2019
0 3
jwalzerpitt
We have ES up and running and I'm starting to review the various Security Domains and relevant dashboards/reports. F...
by jwalzerpitt Influencer in Splunk Enterprise Security 05-01-2019
0 2
cpaul8
Hello, The add-on for MS sysmon developed by Dave Herrald has been tested for Sysmon version 8.0 as per the link, bu...
by cpaul8 New Member in Splunk Enterprise Security 05-01-2019
0 1
rtsquared
We have connected Duo Security with Splunk in order to track certain aspects of our security performance. To make thi...
by rtsquared Explorer in Splunk Enterprise Security 04-30-2019
0 3
su_kumar
Hi, I am new and trying to write a setup page through modular input where we need to communicate with the server. For use...
by su_kumar New Member in Splunk Enterprise Security 04-30-2019
0 3
pingads11
Hi, Please let me know what is a possible way to disable the info page (en-US/info) without authentication as it is showing d...
by pingads11 New Member in Splunk Enterprise Security 04-30-2019
0 0
chrispounds
Hi all, So I have added the edit_timeline role to a user and they can create an investigation, but after you click ...
by chrispounds Explorer in Splunk Enterprise Security 04-30-2019
0 5
bbraun
Hello, We have multiple international locations (Japan, Italy, Spain etc...) and are looking to identify events that...
by bbraun New Member in Splunk Enterprise Security 04-29-2019
0 3
david_monaghan
I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic. It seems t...
by david_monaghan Engager in Splunk Enterprise Security 04-26-2019
0 0
Rocky31
I am just confused to install Splunk app (truStar) via terminal, please don't tell me to download and upload via Splu...
by Rocky31 Path Finder in Splunk Enterprise Security 04-26-2019
0 7
saurabhsumangat
I have written a query and need to change the output name of one of the table columns ....| chart count over sourceIP by Stat...
by saurabhsumangat New Member in Splunk Enterprise Security 04-26-2019
0 1
saurabhsumangat
Till few afters before all my notables were working properly. I made changes in XML file of default.xml on navigation...
by saurabhsumangat New Member in Splunk Enterprise Security 04-25-2019
0 2
bcyates
Is there a way to automagically add a unique ID number to each investigation that is opened?
by bcyates Communicator in Splunk Enterprise Security 04-25-2019
0 2
wendtb
I am trying to add a view to Enterprise Security by going to Configure > General > Navigation. Here I am able to crea...
by wendtb Path Finder in Splunk Enterprise Security 04-25-2019
0 1
hrithiktej
I have these events on Splunk ES security posture dashboard and need help in understanding how the detection for this on...
by hrithiktej Communicator in Splunk Enterprise Security 04-25-2019
0 3