Splunk Enterprise Security

Community Activity
amulay26
I am trying to configure Splunk ES app. Need to know what exactly Identity_Management data model means. Any thoughts...
by amulay26 Path Finder in Splunk Enterprise Security 03-03-2019
1 1
rafeeqsid25
This is my first time installing ES apps on Splunk Enterprise 7.2.1 with ES version 5.2.0. Splunk Environment:- 1 SH standalo...
by rafeeqsid25 New Member in Splunk Enterprise Security 03-02-2019
0 3
arorayo
Trying to monitor a source for high network bandwidth usage, would appreciate leads
by arorayo New Member in Splunk Enterprise Security 03-01-2019
0 0
garciarx
I'm trying to follow a process to see all of the child processes it created. Essentially I have events that have the fo...
by garciarx New Member in Splunk Enterprise Security 03-01-2019
0 0
stranjer
We have an alert that we had setup to create a notable event and email a notification when a particular Windows Event...
by stranjer Loves-to-Learn Lots in Splunk Enterprise Security 03-01-2019
0 6
johnny_goya
Hi guys, Is there a way that I can automate blocking IP addresses in my firewall with a script? Where can I put my scr...
by johnny_goya Explorer in Splunk Enterprise Security 03-01-2019
0 2
astatrial
Hello, I am collecting SEP data from the following sources: symantec:ep:behavior:file, symantec:ep:agent:file, symantec:ep:...
by astatrial Contributor in Splunk Enterprise Security 02-28-2019
0 3
MonkeyK
Palo Alto traffic logs include start and end events. Sometimes multiple start events. Since all traffic logs get the...
by MonkeyK Builder in Splunk Enterprise Security 02-27-2019
0 8
netmayur0007
We have integrated resilient tool with Splunk. For reporting purpose need to get ticket id for each of the notable ev...
by netmayur0007 New Member in Splunk Enterprise Security 02-27-2019
0 2
eugenolteanu
Hello, I'm trying to figure out a search that will parse through all events from a specific sourcetype. For each un...
by eugenolteanu New Member in Splunk Enterprise Security 02-27-2019
0 3
zekiramhi
Hello, Is there a way to validate the fields used in the datamodel by how compliant they are with the current setup?...
by zekiramhi Path Finder in Splunk Enterprise Security 02-27-2019
0 6
shacharh
Hi, I'm working on an add-on for Splunk. I added an alert action, and I'm adding some fields to it. How can I add a ...
by shacharh New Member in Splunk Enterprise Security 02-27-2019
0 7
cnoulin
Hello, I have made an alert as follows: [|inputlookup admin_groups.csv | table "query" as Group_Name ] | search Eve...
by cnoulin Explorer in Splunk Enterprise Security 02-27-2019
0 8
wendtb
I am trying to whitelist events from a specific server using IP and hostname. I am running into 2 issues. I have dif...
by wendtb Path Finder in Splunk Enterprise Security 02-26-2019
0 5
PruthviPGowda
Hi All, Is a license key (or file) required to “activate” the Splunk Enterprise Security App? Looking for...
by PruthviPGowda New Member in Splunk Enterprise Security 02-26-2019
0 1
impsk
Hello Folks, I have a concern with one of my customers using Splunk Enterprise Security App; they mentioned they don’t ...
by impsk New Member in Splunk Enterprise Security 02-26-2019
0 1
bhaskarasplunk
Hi, I have four options in a drop down: Highest, Lowest, Top 5 and Least 5. Each option has a query: For example ...
by bhaskarasplunk Explorer in Splunk Enterprise Security 02-26-2019
0 2
raghu_vedic
Hi, We are facing this issue frequently in splunk search head. Please help me. Unable to distribute to peer named ...
by raghu_vedic Path Finder in Splunk Enterprise Security 02-25-2019
0 2
danielearangiom
How can I monitor if all correlations open incidents into "Incident Reviews" in Splunk ES correctly?
by danielearangiom Explorer in Splunk Enterprise Security 02-25-2019
0 2
sahiltcs
We created Dashboard in Splunk enterprise security where we can see the commands status and risk score for those comm...
by sahiltcs Path Finder in Splunk Enterprise Security 02-25-2019
0 8
rajpingale123
Hello, how do I monitor network data using netflow analyzer? I have installed add on of netflow analyzer. Please tell ...
by rajpingale123 Engager in Splunk Enterprise Security 02-22-2019
0 1
MatthewH007
I was looking for a way to view WHAT exactly was audited when someone changes a ROLE or USER (capabilities, inherited...
by MatthewH007 Path Finder in Splunk Enterprise Security 02-22-2019
2 0
sivasankarketin
Guys, Any idea of writing a splunk query to find the malicious command and control traffic using Cisco IPS logs. We ...
by sivasankarketin New Member in Splunk Enterprise Security 02-22-2019
0 2
crumblecat88
Hi, I'm getting varied results in Splunk when I investigate an IP address' location. Splunk might say "Netherlands",...
by crumblecat88 Engager in Splunk Enterprise Security 02-22-2019
0 1
infosec_kicb
Hello all! Recently I downloaded Check Point App for Splunk. I configured in input.conf in order to force all Chech...
by infosec_kicb New Member in Splunk Enterprise Security 02-22-2019
0 4