Splunk Enterprise Security

Community Activity
thomasbader
Have external threat lists to download. With them it is required to send a customized Authorization header. And no, i...
by thomasbader Engager in Splunk Enterprise Security 06-03-2019
1 3

mamrk29
I have a URL that I want to get IoCs from. In the audit, it says that the file has been downloaded successfully- but...
by mamrk29 New Member in Splunk Enterprise Security 06-03-2019
0 0

splunk_zen
Need some clarification regarding enabling "Accelerate until maximum time" according to the docs "When selected, r...
by splunk_zen Builder in Splunk Enterprise Security 06-03-2019
0 6

nb1030
We have the Bro add-on installed and everything is being parsed into the proper fields. The Bro DNS logs (sourcetype=...
by nb1030 New Member in Splunk Enterprise Security 06-02-2019
0 2

lxm30
I have two fields and if field1 is empty, I want to use the value in field2. (i.e. I never want to use field2 unless ...
by lxm30 New Member in Splunk Enterprise Security 05-31-2019
0 3

regriffith
I need to extract various fields if they exist. CN, C, S, O, OU, Here is a sample data of five different events. P...
by regriffith Path Finder in Splunk Enterprise Security 05-30-2019
0 8

jolinchew
I try to find PDF documentation for Cyber-security hunting guide, I try below documentation link: https://docs.splun...
by jolinchew New Member in Splunk Enterprise Security 05-28-2019
0 3

shravankumarkus
I want to get contributing events for a particular notable event programmatically. Is there any way that we can get from ...
by shravankumarkus New Member in Splunk Enterprise Security 05-27-2019
0 4

hoandh
Hi all, When I config assets in SplunkES, I have a problem which concerns field pci_domain. I have read the document...
by hoandh New Member in Splunk Enterprise Security 05-27-2019
0 7

rashid47010
I am seeing some interesting information from cisco logs. for example, user name, hostname name, mac address, locatio...
by rashid47010 Communicator in Splunk Enterprise Security 05-27-2019
0 2

singhvishakha29
Hi All, For the Cloudtrail logs, this is the last logs in splunkd logfile. 05-22-2019 08:15:02.624 +0000 INFO In...
by singhvishakha29 Engager in Splunk Enterprise Security 05-27-2019
0 0

simon_lavigne
Is it possible to import Splunk Enterprise Security and ESCU use cases into Splunk Security Essentials? I want to b...
by simon_lavigne Path Finder in Splunk Enterprise Security 05-26-2019
0 10

singhvishakha29
Hi All, I would like to know about the process to update the CIM. I am currently getting the following errors: Splu...
by singhvishakha29 Engager in Splunk Enterprise Security 05-24-2019
0 1

harishbenne2
I have 2 indexes that have 2 different parts of same data. One index contains http connection details and another con...
by harishbenne2 Explorer in Splunk Enterprise Security 05-23-2019
0 8

tjgamez
Hi all, I am new to Splunk and am still trying to figure out everything one step at a time. I have an issue where th...
by tjgamez New Member in Splunk Enterprise Security 05-23-2019
0 3

adam_dixon95
Hi, I'm looking at enabling the 'DNS Query Requests Resolved by Unauthorized DNS Servers' rule in Splunk ES - Unfort...
by adam_dixon95 Explorer in Splunk Enterprise Security 05-23-2019
0 1

TetchyTech
We have our Splunk - Resilient integration mostly working and wanted to add a script in Resilient to update the statu...
by TetchyTech New Member in Splunk Enterprise Security 05-22-2019
0 0

nnimbe1
Hi All, Can we translate our plain English queries to Search Processing Language i.e. SPL, does Splunk provide any f...
by nnimbe1 Path Finder in Splunk Enterprise Security 05-22-2019
0 2

SMWickman
I'm looking to add an input lookup to a tstats Datamodel correlation search within Splunk Enterprise Security to tune...
by SMWickman Explorer in Splunk Enterprise Security 05-21-2019
0 0

pcnitk
We are getting special characters in splunk raw message which is impacting downstream parsing. Can you suggest ways ...
by pcnitk New Member in Splunk Enterprise Security 05-20-2019
0 1

swright_rl
Hi, I'm trying to make a whitelist for encoded commands which IT Support use and I'm having a problem getting an inp...
by swright_rl Explorer in Splunk Enterprise Security 05-20-2019
0 2

Oracle
Hi Guys, Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the is...
by Oracle Explorer in Splunk Enterprise Security 05-19-2019
0 2

richardphung
We are using ES with a datamodel that has the base constraint: (`cim_Malware_indexes`) tag=malware tag=attack ...
by richardphung Communicator in Splunk Enterprise Security 05-18-2019
0 15

singhvishakha29
We need to decide on the best and easy option to collect all kinds of windows event logs
by singhvishakha29 Engager in Splunk Enterprise Security 05-16-2019
0 3

mtmichaelthomas
I have been playing around with creating dashboards and wanted to create one that can count how many tickets have bee...
by mtmichaelthomas New Member in Splunk Enterprise Security 05-16-2019
0 1