Splunk Enterprise Security

Discussions

Thread Info

How to enable and send an email notification when an incident has been assigned in Splunk Enterprise?

Dear Team, In splunk ES if the incident is assigned to someone an email notification needs to be sent that the incide...

by Engager in

why do we not have setup.xml in add-on's created by add-on builder?

Greetings I am using the latest version of add-on builder (2.2.0) and can create an alert action/adaptive response...

by SplunkTrust in

How to get (or generate) Splunk ES notable event titles as seen on Incident Review dashboard

I would like to create a dashboard that displays notable event titles as seen on the Incident Review dashboard. Is th...

by Explorer in

Splunk Enterprise Security Default Workflow Actions

Are the Workflow Actions listed in the Enterprise Security Sandbox installed by default with a new Enterprise Securit...

by New Member in

How to make cluster map drilldown link to related search?

<title>Registered Devices (Map)</title> <search> <query>| devicesearch query="$sensor_sea...

by New Member in

Need help to update "Notable -Substantial Increase In Port Activity" to establish a base line for each destination port

We have not been using the Splunk ES for long and the “xswhere” used for this notable is an extreme search. The extre...

by Contributor in

Create event type as alert action

Splunk Enterprise Security uses "event types" as a means to suppress future alerting on a set of field values. We lik...

by Path Finder in

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

In our Splunk Enterprise Incident review queue, I have a custom lookup that is being used for our threat intelligence...

by Explorer in

Format an asset list in Splunk Enterprise Security

Hi Splunkers, As it's stated in documentation, fields like ip, mac, dns in Asset lookup should be "A pipe-delimite...

by Contributor in

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Hi all, I have created an adaptive response collects information from a host and indexes it. I have attached th...

by Communicator in

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Hi, I'm working on adding new data in CIM and putting tags in Communication and network with required fields. Of c...

by Engager in

Is the webhook option supported for adaptive response actions in Enterprise Security?

The webhook opiont is only available under Search & Reporting alert actions. This option in not available in the adap...

by Engager in

Time-based Assignment of Notable Events

Hello Is it possible to assign the default owner of the notable event based on a time schedule? For example, if...

by Engager in

Enterprise Security Question

We are using ES and I was wondering if all the data models\lookups and enriched data available when searching from a ...

by Path Finder in

ES - Access Tracker not recording successful AD auth due to lack of dest

The correlation search 'Completely Inactive Accounts' makes use of the Access Tracker lookup, which records the most ...

by Communicator in

Threat Intelligence download remains stuck on csv doanload

I added a new Threat Intelligence Download and in the Audit dashboard I can constantly see that the feed on "csv down...

by Engager in

Unable to create the alert in ES App

I tried creating an ES App alert to detect if anyone is sending emails to the mentioned blacklisted domains, but its ...

by Explorer in

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Hi everyone, I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically fo...

by Path Finder in

How to launch Splunk URL using xml file?

Hi, I am trying to call dashboard via the XML file. How do I pass the username and password as parameters? http...

by New Member in

Splunk Stream: How can I integrate Splunk Stream with Enterprise Security and get the Adaptive Response action to run one-off Streams to function?

Hey all, Looking for any better documentation/steps on integrating Splunk Stream app with Enterprise Security. Run...

by Explorer in

Splunk Enterprise Security

Discussions

How to enable and send an email notification when an incident has been assigned in Splunk Enterprise?

why do we not have setup.xml in add-on's created by add-on builder?

How to get (or generate) Splunk ES notable event titles as seen on Incident Review dashboard

Splunk Enterprise Security Default Workflow Actions

How to make cluster map drilldown link to related search?

Need help to update "Notable -Substantial Increase In Port Activity" to establish a base line for each destination port

Create event type as alert action

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

Format an asset list in Splunk Enterprise Security

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Is the webhook option supported for adaptive response actions in Enterprise Security?

Time-based Assignment of Notable Events

Enterprise Security Question

ES - Access Tracker not recording successful AD auth due to lack of dest

Threat Intelligence download remains stuck on csv doanload

Unable to create the alert in ES App

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

How to launch Splunk URL using xml file?

Splunk Stream: How can I integrate Splunk Stream with Enterprise Security and get the Adaptive Response action to run one-off Streams to function?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

How to calculate "ES volume in GB" given on the In...

How can I form Notable URL link if I have notable ...

In streams, the aggregation of a variable sets the...

Why is the "summary.earliest_time" field from the ...

I want to send the event_id of the notable event t...

Splunk Enterprise Security

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >