Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Recommendation for Splunk Enterprise Security architecture in distributed environment

Hi Splunkers, I need some help in planning an ES environment set. Background: We have ES running on a Splunk insta...

by Path Finder in

Can we setup Cisco Firepower eNcore App for Splunk on HF?

hi Team, We are using FMC v6.* version. To integrate the logs of FirePower managemnet console can someone guide me...

by Explorer in

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

Followed the following documentation for setup: https://www.secopshub.com/t/managing-splunk-es-notable-events-in-s...

by Explorer in

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

Hi team! I need help. I have these errors from a long time ago but I didn't notice. Everything works but I need...

by Path Finder in

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

Hello, Our correlation search for "account deleted" in Splunk is firing for any type of machine deletion detected ...

by Path Finder in

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

I am trying to delete an alert but am getting the following error: " Cannot edit report that is embedded and it will ...

by Explorer in

Is CIM app compliance backward compatible?

I have a customer that is upgrading Splunk Core from 6.3.3 to 7.1 and Splunk Enterprise Security (ES)/CIM from 4.7.2 ...

by Splunk Employee in

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Pretty straightforward question. The older guides aren't accurate, I want an up to date guide for doing this. Blah bl...

by Explorer in

Custom dashboards from a search

Hi, I have a local admin search being sent to Splunk from Tenable IO. It lists all the machines (asset) name and e...

by Explorer in

Splunk Enterprise Security: Top Notable Event Sources: Whitelist

Is there a "simple" way to whitelist an IP address that is showing up in the "Top Notable Event Soucres", within Splu...

by Path Finder in

Notable events missing from incident review

Hi guys, I have an issue with splunk ES, any help would be much appreciated. The symptoms - some correlation searches...

by Explorer in

Has anyone scrubbed proofpoint's TAP sourcetype for alerting?

Has anyone scrubbed Proofpoint's TAP sourcetype for alerting? Any common use rules or which conditions and fields wou...

by New Member in

Can you help me input Cisco AMP events to Splunk Enterprise Security?

Hi, I have installed Cisco AMP app on our indexer and i can see AMP events coming in. But, I can't see any malware...

by Path Finder in

ES 5.1のアップグレード後にUIにアクセスできない

Splunkを7.1.1に、そしてESを5.1にアップグレードしたあとに、ESのsearch headを再起動したところ、UIにアクセスできなくなりました。原因および回避策を教えて頂けますか。

by Contributor in

グラステーブルのAd hoc Searchで"invalid search or missing required fields for thresholding"というエラーが表示される

グラステーブルを自分で作ってみたいと思い、既存のアイテムと同じ設定を使いましたが、Viz Typeの種類によってエラーが表示されます。例えば、"Web Browser"グループにある"Web - Source Count"を参...

by Explorer in

ES Contents Update - "Run Analytics"ボタンからの検索画面でエラーが出ます

ES Contents Update を使用し始めましたが、"Analytic Story Detail"画面内にある"Run Analytics"ボタンを押すと、検索画面でエラーが出てしまいます。なぜでしょうか？

by Explorer in

Splunk Integration with BMC CMDB

Hi All, We are looking for integration between BMC CMDB and Splunk 7.2. as the integration is not out of the box s...

by New Member in

How can I ensure that my upgrade of Splunk Enterprise Security doesn't affect my data model acceleration enforcement settings?

Data model acceleration enforcement causing issues with Enterprise Security upgrade I upgraded ES from 5.0.0 to 5....

by Contributor in

How to make a dashboard input to use multiple values as an input?

Hello, I'm trying to make a dashboard input to use multiple values as input. I don't know how to make the query w...

by Communicator in

In Splunk Enterprise Security, how do you search for matching events between two groups of IP addresses?

I am trying to search for events that contain one IP from each of the two groups of IP addresses. For instance: in...

by New Member in

Splunk Enterprise Security

Discussions

Recommendation for Splunk Enterprise Security architecture in distributed environment

Can we setup Cisco Firepower eNcore App for Splunk on HF?

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

Is CIM app compliance backward compatible?

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Custom dashboards from a search

Splunk Enterprise Security: Top Notable Event Sources: Whitelist

Notable events missing from incident review

Has anyone scrubbed proofpoint's TAP sourcetype for alerting?

Can you help me input Cisco AMP events to Splunk Enterprise Security?

ES 5.1のアップグレード後にUIにアクセスできない

グラステーブルのAd hoc Searchで"invalid search or missing required fields for thresholding"というエラーが表示される

ES Contents Update - "Run Analytics"ボタンからの検索画面でエラーが出ます

Splunk Integration with BMC CMDB

How can I ensure that my upgrade of Splunk Enterprise Security doesn't affect my data model acceleration enforcement settings?

How to make a dashboard input to use multiple values as an input?

In Splunk Enterprise Security, how do you search for matching events between two groups of IP addresses?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

How can I run a search that shows the time notable...

Merging identity lookups fails

is there a way to find out when a correlation sear...

Threat intelligence issue

How do I find list of assets or servers "exceeding...

Splunk Enterprise Security

Discussions

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>