Splunk Enterprise Security

Community Activity
richardphung
We are having an issue with our Splunk ES instance where notables that have dest = unknown all show up in our ESS In...
by richardphung Communicator in Splunk Enterprise Security 04-25-2019
0 2
rashid47010
How can I add an existing key indicator to my new dashboard? I want to add the malware key indicator to my custom dashboard...
by rashid47010 Communicator in Splunk Enterprise Security 04-25-2019
0 1
rohitvjoshi
Hi All, We are using Splunk Enterprise. During server cleaning, we found out that Splunk Enterprise Security is als...
by rohitvjoshi Path Finder in Splunk Enterprise Security 04-24-2019
0 1
yosoypako
Hello, I want to index the events in the firewall logs based on the alert level and the virtual domain in which they h...
by yosoypako Path Finder in Splunk Enterprise Security 04-24-2019
0 9
lakshman239
Hello @douglashurd - Could you please review default/props.conf, as it is reusing the same name [FIELDALIAS-eStreamer_category...
by lakshman239 Influencer in Splunk Enterprise Security 04-24-2019
0 0
rashid47010
Hi, I uploaded a custom threat intelligence file named customthreat containing file_name, description, url; the threat act...
by rashid47010 Communicator in Splunk Enterprise Security 04-24-2019
0 1
mmoermans
Ever since the upgrade to ES 5.3.0 the ip_intel lookup doesn't seem to be getting filled anymore and there aren't any...
by mmoermans Path Finder in Splunk Enterprise Security 04-24-2019
0 1
vinayakwagh
When we are adding comments to a notable, the comment gets indexed, but sometimes it is truncated.
by vinayakwagh Explorer in Splunk Enterprise Security 04-23-2019
0 1
plimon
Hello, Is there a way to create custom use case categories within the use case library for ES? The out-of-the-box ca...
by plimon Explorer in Splunk Enterprise Security 04-23-2019
0 3
adam_dixon95
Hi, I'm trying to see if there's a way to add additional/custom fields in Incident Review. Is there much room for c...
by adam_dixon95 Explorer in Splunk Enterprise Security 04-23-2019
0 1
morethanyell
Hi, My folks from cybersecurity wish to display the epoch time under Description as human-readable time. I can't s...
by morethanyell Builder in Splunk Enterprise Security 04-23-2019
0 1
vinayakwagh
While editing the correlation search, the Adaptive Response Actions dropdown is not populating, which has the notable event act...
by vinayakwagh Explorer in Splunk Enterprise Security 04-19-2019
0 0
astatrial
Hello, I have a Splunk Cloud managed deployment which has ES installed on it. First thing is that my user has only...
by astatrial Contributor in Splunk Enterprise Security 04-18-2019
0 2
rkondeti3
I'm having an issue where building a glass table in ES for a single value delta ad-hoc search is showing up as N/A, b...
by rkondeti3 Explorer in Splunk Enterprise Security 04-17-2019
1 5
yossefn
Hi, We have a Citrix farm used for browsing by our Call center agents. The Terminal servers are reinstalled automat...
by yossefn Path Finder in Splunk Enterprise Security 04-17-2019
0 1
hexerino
I have a drop-down menu with all of the rule names that appear in the events. Some of those have been mapped in a loo...
by hexerino Explorer in Splunk Enterprise Security 04-17-2019
0 1
dyeo
In our environment we have 3 separate non-distributed search heads and 3 clustered indexers. When I try running th...
by dyeo Engager in Splunk Enterprise Security 04-16-2019
0 7
rosho
Hi, I am using MLTK for anomaly detection, so I am benchmarking algorithms. I was wondering if it is possible to opti...
by rosho Communicator in Splunk Enterprise Security 04-16-2019
0 1
brienhawker
I have a search where I am trying to determine if a sender is a threat based on several different events that are add...
by brienhawker Explorer in Splunk Enterprise Security 04-13-2019
0 6
aothman
When I integrate with Nessus I get "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed". I did the below but t...
by aothman New Member in Splunk Enterprise Security 04-12-2019
0 0
pranavna
I want to create an index which will have sensitive data and want it to be accessible by only admin team and security...
by pranavna Explorer in Splunk Enterprise Security 04-12-2019
0 4
rwells2950
I cannot save correlation searches through Splunk Enterprise Security in the context of any custom app. After going t...
by rwells2950 Engager in Splunk Enterprise Security 04-11-2019
0 5
nb1030
In the logs for "New Anti Virus", the logs contain a "dst=" and "src=" field. For some logs, it is placing the "dst="...
by nb1030 New Member in Splunk Enterprise Security 04-10-2019
0 3
lakshman239
** This is not a question, but adding this info for awareness for people using PA and CIM ** The default/tags.conf f...
by lakshman239 Influencer in Splunk Enterprise Security 04-10-2019
0 1
rashid47010
The Threat Activity Detected correlation rule is too noisy because of the ip_intel feeds. How can we exclude them?
by rashid47010 Communicator in Splunk Enterprise Security 04-10-2019
0 0