Splunk Enterprise Security

Community Activity

Setting alias for multivalued field for ES/CIM compliance I created an alias for the X_MS_Forwarded_Client_IP (ADFS events) to equal to src. The X_MS_Forwarded_Client_IP is a ... by jwalzerpitt Influencer in Splunk Enterprise Security 05-06-2019 0 2	0	2
Correlation search - Stream events I'll start with the goal of what I am trying to accomplish first. I'd like to be able to detect any source sending da... by Crashfry Path Finder in Splunk Enterprise Security 05-06-2019 0 2	0	2
Dynamically populate search dashboard after transaction Hello, I'm trying to create a dashboard for our email logs, that allows a user to input fields like sender, recipien... by benthehen100 Engager in Splunk Enterprise Security 05-03-2019 0 0	0	0
Removing 1 IP from a threat Intel list without removing the entire list? We are using Splunk es. We started porting list into the threat intel feeds. Our analyst wants to remove a single IP ... by Alspeedo Engager in Splunk Enterprise Security 05-03-2019 1 1	1	1
No Notables is getting generated however i can get the results when correlation searches are run mannually Since morning i am observing my notables are not getting created. I can see the Notable names in Security posture but... by saurabhsumangat New Member in Splunk Enterprise Security 05-02-2019 0 8	0	8
splunk cloud es notable index empty Hello Splunkers we have splunk managed cloud ES and i have enabled all correlation searches as per doc the way we do ... by Splunk_rocks Path Finder in Splunk Enterprise Security 05-01-2019 0 1	0	1
How to extract email addresses from URLs using regex? I have URL's that contain email addresses that I would like to extract via rex into an email field: SAMPLE RAW: mac... by dsmeerkat Explorer in Splunk Enterprise Security 05-01-2019 0 3	0	3
Splunk ES - Troubleshooting Web Data Model We have ES up and running and I'm starting to review the various Security Domains and relevant dashboards/reports. F... by jwalzerpitt Influencer in Splunk Enterprise Security 05-01-2019 0 2	0	2
Add-on for Microsoft Sysmon Hello, The add-on for MS sysmon developed by Dave Herrald has been tested for Sysmon version 8.0 as per the link, bu... by cpaul8 New Member in Splunk Enterprise Security 05-01-2019 0 1	0	1
How to search to see if a value in the description field is greater than a certain number? We have connected Duo Security with Splunk in order to track certain aspects of our security performance. To make thi... by rtsquared Explorer in Splunk Enterprise Security 04-30-2019 0 3	0	3
issue : unable to see how to hide password in S3 example script Hi , I am new and trying to write setup page through modular input where we need to communicate with server .for use... by su_kumar New Member in Splunk Enterprise Security 04-30-2019 0 3	0	3
Disable info page without authentication Hi, Please let me know what is possible way to disable info page (en-US/info) without authentication as it showing d... by pingads11 New Member in Splunk Enterprise Security 04-30-2019 0 0	0	0
How to create investigations in ES 5.2.2? Hi all, So i have added the edit_timeline role to a user and they can create an investigation, but after you click ... by chrispounds Explorer in Splunk Enterprise Security 04-30-2019 0 5	0	5
Identifying events that originate greater than 50 miles from a lon\lat. Hello, We have multiple international locations (Japan, Italy, Spain ect...) and are looking to identify events that... by bbraun New Member in Splunk Enterprise Security 04-29-2019 0 3	0	3
All WSA logs are being tagged as Attack and Malware I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic. It seems t... by david_monaghan Engager in Splunk Enterprise Security 04-26-2019 0 0	0	0
How to install splunk app through Linux terminal? I am just confused to install Splunk app (truStar) via terminal, please don't tell me to download and upload via Splu... by Rocky31 Path Finder in Splunk Enterprise Security 04-26-2019 0 7	0	7
How to rename column name when using "chart count over by" command i written a query and need to change the output name of one the table column ....\| chart count over sourceIP by Stat... by saurabhsumangat New Member in Splunk Enterprise Security 04-26-2019 0 1	0	1
No Notables created but correlation searches are working manually till few afters before all my notables were working properly. I made changes in XML file of default.xml on navigation... by saurabhsumangat New Member in Splunk Enterprise Security 04-25-2019 0 2	0	2
Adding an ID number to ES investigations Is there a way to automagically add a unique ID number to each investigation that is opened? by bcyates Communicator in Splunk Enterprise Security 04-25-2019 0 2	0	2
How to add a view to Enterprise Security? I am trying to add a view to Enterprise Security by going to Configure > General > Navigation. Here I am able to crea... by wendtb Path Finder in Splunk Enterprise Security 04-25-2019 0 1	0	1
Can someone help me understand this event from Splunk ES ? I have these events on Splunk ES security posture dashboard and need help in understand how the detection for this on... by hrithiktej Communicator in Splunk Enterprise Security 04-25-2019 0 3	0	3
How to set up a custom search/alert to track when Windows event log service start/stop for Windows Server 2008+? Just wanted to put this out there to the universe... Has anyone set up a custom search/alert to track when the Window... by metalgear138 Engager in Splunk Enterprise Security 04-25-2019 0 5	0	5
XML Error - Read Timeout while accessing SPLUNK on browser I have recently modified my navigation menu XML through splunk user interface. Now when i refresh the splunk instanc... by saurabhsumangat New Member in Splunk Enterprise Security 04-25-2019 0 0	0	0
dest=unknown in ES We are having an issue with our Splunk ES instance where notables that have dest = unknown, all show up in our ESS In... by richardphung Communicator in Splunk Enterprise Security 04-25-2019 0 2	0	2
add key indicators into custom dashboard how can I add existing key indicator to my new dashboard. I want to add malware key indicator to my custom dashboard... by rashid47010 Communicator in Splunk Enterprise Security 04-25-2019 0 1	0	1