Splunk Enterprise Security

Community Activity
alonsocaio
I'm trying to run a search using dnslookup. index=MY_INDEX host=MY_HOST | lookup dnslookup clienthost as host output...
by alonsocaio Contributor in Splunk Enterprise Security 03-13-2019
0 0
anands4
I was trying to get a report of top notable events created in Splunk. Below is the search query for it: | es_notable_ev...
by anands4 Engager in Splunk Enterprise Security 03-13-2019
0 2
ajayrejin
How to get a report of Investigations from Enterprise Security. The report should contain Name, Description, Status, Cr...
by ajayrejin Explorer in Splunk Enterprise Security 03-13-2019
0 0
ajayrejin
Hi, We have notable events that are being triggered in Enterprise Security. There are similar events that are triggering ...
by ajayrejin Explorer in Splunk Enterprise Security 03-13-2019
0 2
ahartge
Has anyone tackled IOC expiry / timestamp issues between a local lookup and the Splunk ES Threat Intel KV store? I ...
by ahartge Path Finder in Splunk Enterprise Security 03-12-2019
2 2
rsantoso_splunk
Customer has created SOC l1 and SOC l2 custom roles, SOC l1 has the inherited role ES analyst, ES user and user. S...
by rsantoso_splunk Splunk Employee in Splunk Enterprise Security 03-07-2019
0 1
shiv1593
Hi All, While trying to build a correlation search, I have run into a standpoint, where I need some help. I have two...
by shiv1593 Communicator in Splunk Enterprise Security 03-07-2019
0 9
siddh01r
I am trying to find out when new software gets installed on any endpoint, and I also have a script running to colle...
by siddh01r New Member in Splunk Enterprise Security 03-07-2019
0 2
jvanbibber
I'm trying to use the NOT operator in a search to exclude internal destination traffic. Any help would be great! | t...
by jvanbibber New Member in Splunk Enterprise Security 03-06-2019
0 4
bestSplunker
Hi everyone, I'm a Splunk ES novice. I would like to ask about best practices for ingesting data into ES. For ex...
by bestSplunker Contributor in Splunk Enterprise Security 03-06-2019
0 3
3DGjos
Hello again, I'm developing a compliance app, the intention is to make it as CIM compliant as possible, but he...
by 3DGjos Communicator in Splunk Enterprise Security 03-06-2019
0 5
pkoirala
Hi, I have partnered with Splunk ES and I would like to know whether my partnered account has an NFR license? If not ...
by pkoirala New Member in Splunk Enterprise Security 03-05-2019
0 1
printul77700
Hello, Please, who can help with a solution for the below scenario that in my case produces false positives, false NE...
by printul77700 Explorer in Splunk Enterprise Security 03-05-2019
1 0
ashishebansal
I have 2 sites with Multi-site clustering enabled, with one site as 3 indexes, 15Tb disk each, and another site with ...
by ashishebansal New Member in Splunk Enterprise Security 03-05-2019
0 5
btawiah
server 1 server 2 server 3 monitoring location is shared \server[1-3]\logs\serevr.log server[1-3] is able to reach ...
by btawiah Explorer in Splunk Enterprise Security 03-04-2019
0 4
harvinder2314
Looking for a brief list of all the certifications related to Splunk Enterprise Security
by harvinder2314 Engager in Splunk Enterprise Security 03-03-2019
0 1
amulay26
I am trying to configure Splunk ES app. Need to know what exactly Identity_Management data model means. Any thoughts...
by amulay26 Path Finder in Splunk Enterprise Security 03-03-2019
1 1
rafeeqsid25
I am installing ES apps for the first time on Splunk Enterprise 7.2.1 with ES version 5.2.0. Splunk Environment:- 1 SH standalo...
by rafeeqsid25 New Member in Splunk Enterprise Security 03-02-2019
0 3
arorayo
Trying to monitor a source for high network bandwidth usage, would appreciate leads
by arorayo New Member in Splunk Enterprise Security 03-01-2019
0 0
garciarx
I'm trying to follow a process to see all of the child processes it created. Essentially I have events that have the fo...
by garciarx New Member in Splunk Enterprise Security 03-01-2019
0 0
stranjer
We have an alert that we had set up to create a notable event and email a notification when a particular Windows Event...
by stranjer Loves-to-Learn Lots in Splunk Enterprise Security 03-01-2019
0 6
johnny_goya
Hi guys, Is there a way that I can automate blocking IP addresses in my firewall with a script? Where can I put my scr...
by johnny_goya Explorer in Splunk Enterprise Security 03-01-2019
0 2
astatrial
Hello, I am collecting SEP data from the next sources: symantec:ep:behavior:file symantec:ep:agent:file symantec:ep:...
by astatrial Contributor in Splunk Enterprise Security 02-28-2019
0 3
MonkeyK
Palo Alto traffic logs include start and end events. Sometimes multiple start events. Since all traffic logs get the...
by MonkeyK Builder in Splunk Enterprise Security 02-27-2019
0 8
netmayur0007
We have integrated the Resilient tool with Splunk. For reporting purposes, we need to get the ticket ID for each of the notable ev...
by netmayur0007 New Member in Splunk Enterprise Security 02-27-2019
0 2