Splunk Enterprise Security

Discussions

Thread Info

Enterprise Security notable events, how to calculate Alert acknowledged / Alert closed Report?? Is there any report in Splunk or please let me know the query to generate report??

Enterprise Security notable events, how to calculate Alert acknowledged / Alert closed Report?? Is there any report i...

by Engager in

Splunk ES - Adaptive Response - Send Email per Result of Correlation Search

Hey Team, Wanted to be able to send an email as an Adaptive Response for a correlation search per result. Just lik...

by Explorer in

If I update the assets.csv lookup for ES, how do I update the datamodel which doesn't show updates?

If I update the assets.csv lookup for ES, how do I update the datamodel as it doesn't show my updates?? | from datamo...

by Path Finder in

windows logs filtering based on event IDs impact analysis

Hello Team , I have been working on filtering of some noisy windows event logs from indexing and before doing this...

by Path Finder in

ESCU -Adaptive Response Empty Page

Using the ESCU app viewing an Analytic Story searches, selecting the "Configure in ES" erroneously adds "- Rule to th...

by Splunk Employee in

ES Incident review Contextualize and Investigate returns blank results page

ES Incident review Contextualize and Investigate returns blank results page. This looks like it would be a nice addit...

by Engager in

Simulation data for ESCU

Is it possible to get some simulation data for ESCU? Right now all searches just return nothing for our instance. ...

by Path Finder in

Where is the log that shows when a ES correlated search is created, edited, or disabled?

I'd like to create an auditing like dashboard panel that shows the user, the name of the correlated rule, the action ...

by Builder in

Do we need to upload missing estreamer logs to splunk or its automatic ?

My estreamer to device connection was down for sometime, so now I want to upload missing device logs to splunk. I th...

by Path Finder in

ES - Threat Activity Search add Host field

When matching against threat intel the notable events only shows the source and destination of the matched event. Is ...

by Path Finder in

Collect remote event logs through WMI

My splunk server and remote host server is in the same network. In the Splunk server, I went Settings-->Data inputs--...

by New Member in

Creating a notable event from correlation search

Hi Im using the below search and wish to create a notable event from the search. (filtered to not show company info) ...

by Path Finder in

ESS - Simple saved dashboard question

Within the ESS application, I created a simple saved dashboard based upon a search: Splunk -> ESS -> Search Specify ...

by Engager in

What is the correct way to add data to Splunk ESS search head?

I am a recent hire and am in a predicament. Our Splunk environment is pretty typical, there are clustered indexers/se...

by Explorer in

SRX SD logs not showing up logging in Splunk

I am sending SRX SD logs to Splunk and it is not showing up correctly. Splunk unable to recognize the fields with the...

by New Member in

Fork of Splunk Add-on for Check Point OPSEC LEA for Splunk ES

Our team is currently updating the field extraction for the existing Splunk Add-on for Check Point OPSEC LEA (https:/...

by Path Finder in

"Do Not Pause" Not Working When Searching

Hello, After a recent upgrade to Splunk Version 7.1.4 and Enterprise Security 5.1.4 we are experiencing an issue w...

by Engager in

Splunk enterprise and Enterprise Security High availability

Hi all, I have a single splunk server machine running splunk enterprise 7. How can i create high availability solutio...

by Explorer in

How to configure SAML authentication in search head clustering which has a load balancer.

Hello, we gave one of our metadata file from one of the search head to the saml team and And our identitiy provider i...

by Path Finder in

How do I exclude a specific field value from search results?

I'm trying to exclude a specific value from my search result, what I'm currently getting is the list of top hosts usi...

by New Member in

How to Create Conditional Alerting based on Lookup Tables

I currently have alerting setup for authentications that occur from outside of the country. However, I would like to ...

by New Member in

FireEye App Compatibility with ESS

Is the FireEye app compatible with ESS? I have both deployed but there is some overlap between the TA-FireEye that co...

by Path Finder in

In Splunk Enterprise Security, how do I run a savedsearch of ESCU using SPL?

Splunk Enterprise Content Updates has this Analytic Story: Account Monitoring and Controls. It contains a savedsearch...

by Path Finder in

How come our data models are only displaying CIM fields and not the raw fields of the source type?

Description: Data models are not showing the raw fields of the source type. They only display the CIM fields. Goal...

by Splunk Employee in

How come I can't see my own apps in Correlation Search App's drop-down in Enterprise Security?

When doing a Correlation Search in ES, I want to save it in my own Apps, but they don't show in the drop-down. I c...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Enterprise Security notable events, how to calculate Alert acknowledged / Alert closed Report?? Is there any report in Splunk or please let me know the query to generate report??

Splunk ES - Adaptive Response - Send Email per Result of Correlation Search

If I update the assets.csv lookup for ES, how do I update the datamodel which doesn't show updates?

windows logs filtering based on event IDs impact analysis

ESCU -Adaptive Response Empty Page

ES Incident review Contextualize and Investigate returns blank results page

Simulation data for ESCU

Where is the log that shows when a ES correlated search is created, edited, or disabled?

Do we need to upload missing estreamer logs to splunk or its automatic ?

ES - Threat Activity Search add Host field

Collect remote event logs through WMI

Creating a notable event from correlation search

ESS - Simple saved dashboard question

What is the correct way to add data to Splunk ESS search head?

SRX SD logs not showing up logging in Splunk

Fork of Splunk Add-on for Check Point OPSEC LEA for Splunk ES

"Do Not Pause" Not Working When Searching

Splunk enterprise and Enterprise Security High availability

How to configure SAML authentication in search head clustering which has a load balancer.

How do I exclude a specific field value from search results?

How to Create Conditional Alerting based on Lookup Tables

FireEye App Compatibility with ESS

In Splunk Enterprise Security, how do I run a savedsearch of ESCU using SPL?

How come our data models are only displaying CIM fields and not the raw fields of the source type?

How come I can't see my own apps in Correlation Search App's drop-down in Enterprise Security?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions