Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Unable to distribute to peer from search head

Hi, We are facing this issue frequently in splunk search head. Please help me. Unable to distribute to peer na...

by Path Finder in

Monitor correlation/notable/incident review Splunk ES

How can I monitor if all correlations open incidents into "Incident Reviews" in Splunk ES correctly?

by Explorer in

Do we have option in Splunk enterprise security to check the command output

We created Dashboard in Splunk enterprise security where we can see the commands status and risk score for those comm...

by Path Finder in

how do i monitor network data using netflow analyzer ?

hello, how do i monitor network data using netflow analyzer? i have installed add on of netflow analyzer.please tell ...

by Engager in

In Splunk Enterprise Security, how do you access granular audit trails for user and role changes?

I was looking for a way to view WHAT exactly was audited when someone changes a ROLE or USER (capabilities, inherited...

by Path Finder in

How to write a Splunk alert to find malicious C2 traffic using Cisco IPS logs

Guys, Any idea of writing a splunk query to find the malicious command and control traffic using Cisco IPS logs. W...

by New Member in

With Splunk Enterprise Security, I'm getting varying IP geo-location results when comparing Splunk to third-party resources — how frequent are Splunk geo cache updates?

Hi, I'm getting varied results in Splunk when I investigate an IP address' location. Splunk might say "Netherlands...

by Engager in

no expected fields in sourcetype

Hello all! resently i downloaded Check Point App for Splunk. I configured in input.conf in order to force all Chechpo...

by New Member in

How to create Enterprise Security custom roles and have Notables dashboard different for each roles?

hi anyone created "custom" roles in Enterprise Security and re-used the notables dashboard (security events) ? We ha...

by Super Champion in

How do you pass the same token for two panels with one drop-down input?

I want to pass a token from one panel to another panel. I mean, if I give one input in the drop down, it has to updat...

by Explorer in

Symantec MSS integration with Splunk for orchestration and Incident Management

Dear ALL , I am searching a procedure to pull and update the incidents from Symantec MSS created by their SOC ...

by New Member in

Nessus Home and Splunk Add-On for Tenable

Does this TA Support Nessus Home installations? I've tried to use Tenable.io and authentication seems to work but ...

by Splunk Employee in

In Splunk Enterprise Security, how do you combine two searches into one query and group on a specific field?

I am trying to create a query where there are two different searches that each produce a point in time for each devic...

by Explorer in

Fortigate logs are not in CIM format

I installed Fortinet Fortigate Add-on for Splunk 1.6.0 and Fortinet Fortigate App for Splunk 1.4. Sourcetypes are ide...

by New Member in

Notable Event Urgency issues

I have setup a few correlated events which currently are showing up in the incident review console as urgency (unknow...

by Engager in

Multiple tstats with prestats append=t not working in ES app

Hi, I'm querying a datamodel X and I need to append results with same fields names from datamodel xx using. I'm tr...

by Explorer in

Splunk Enterprise Security Alexa Domain NOT lookup failing

Hello, I am trying to create alerts for all outbound DNS queries which do not match the top one million domains as...

by Explorer in

Threat Intelligence

by default, where from threat Intelligence feed downloaded in splunk ?

by New Member in

Splunk Enterprise Security - Host Sending Excessive Emails Alert / Email Data model

Hi Everyone I'm having trouble with one of the alerts in Enterprise Security which is causing a lot of noise and f...

by New Member in

Subsearch relative to base search time

Hello, I'm looking into a way to discover following scenario in my ingested logs: some user logged out and didn't ...

by Explorer in

Script exited abnormally with code 114

I'm getting a scripting error on our Enterprise Security server every hour: msg="A script exited abnormally" input...

by Explorer in

In Splunk Enterprise Security, how do you use a subsearch to correlate information?

Hello, I'm trying to correlate events from 2 different source types, and 2 searches for example: sourcetypeA ha...

by New Member in

In Splunk Enterprise Security, how does Javascript SDK work? I wanna use client side SDK

Hi, Thanks for coming to my question. I am having trouble using javascript SDK. I cannot understand what is...

by Engager in

Notable event missing from Incident Review dashboard?

I have a search in which is generating results when I have it set as an alert and is successfully creating and event ...

by Explorer in

Using a different email address to send email responses using adaptive response action

Hi All, I have a use case where I want to send replies using a separate email address than the default address of ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Unable to distribute to peer from search head

Monitor correlation/notable/incident review Splunk ES

Do we have option in Splunk enterprise security to check the command output

how do i monitor network data using netflow analyzer ?

In Splunk Enterprise Security, how do you access granular audit trails for user and role changes?

How to write a Splunk alert to find malicious C2 traffic using Cisco IPS logs

With Splunk Enterprise Security, I'm getting varying IP geo-location results when comparing Splunk to third-party resources — how frequent are Splunk geo cache updates?

no expected fields in sourcetype

How to create Enterprise Security custom roles and have Notables dashboard different for each roles?

How do you pass the same token for two panels with one drop-down input?

Symantec MSS integration with Splunk for orchestration and Incident Management

Nessus Home and Splunk Add-On for Tenable

In Splunk Enterprise Security, how do you combine two searches into one query and group on a specific field?

Fortigate logs are not in CIM format

Notable Event Urgency issues

Multiple tstats with prestats append=t not working in ES app

Splunk Enterprise Security Alexa Domain NOT lookup failing

Threat Intelligence

Splunk Enterprise Security - Host Sending Excessive Emails Alert / Email Data model

Subsearch relative to base search time

Script exited abnormally with code 114

In Splunk Enterprise Security, how do you use a subsearch to correlate information?

In Splunk Enterprise Security, how does Javascript SDK work? I wanna use client side SDK

Notable event missing from Incident Review dashboard?

Using a different email address to send email responses using adaptive response action

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...

Multi-Select in HTML for Alert Action does not ret...