Splunk Enterprise Security

Community Activity

Where I can find Interactive dashboard example for SOC/NOC ? I have seen splunk dashboard example but not find to interactive for my case.please suggest me some good example for ... by ajitshukla Explorer in Splunk Enterprise Security 01-28-2019 0 2	0	2
How to integrate Symantec Control Compliance Suite with Splunk ? How to integrate Symantec Control Compliance Suite with Splunk ? Has anyone done this before and how. by saurabh_tek11 Communicator in Splunk Enterprise Security 01-28-2019 0 2	0	2
Enterprise Security script exited abnormally status="exited with code 3" hi gents, we are getting the following error in our search heads. any ideas about what can be happening? I already c... by asimagu Builder in Splunk Enterprise Security 01-25-2019 3 24	3	24
In Splunk Enterprise Security, can you help me with my Use Cases set up? I want to set up a use case in Splunk, and I am new in this application Logon failures for a user ID during a partic... by arorayo New Member in Splunk Enterprise Security 01-25-2019 0 2	0	2
Configuring Notable event I am trying to create a notable event I am writing a query (index=****** EventCode=4771) in search App and then clic... by ajayrejin Explorer in Splunk Enterprise Security 01-25-2019 0 8	0	8
In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information? I am pulling information from a search that I need to keep but update on top of. For example, my search is finding ... by chandlercr New Member in Splunk Enterprise Security 01-23-2019 0 2	0	2
Help with Splunk Enterprise Security IP threat intelligence lookup Hello Splunkers, I want to create my own saved search in Splunk Enterprise Security working on IP threat intelligenc... by belasker New Member in Splunk Enterprise Security 01-23-2019 0 1	0	1
How to add email action into Adaptive Response in ES Hi Splunkers, I'd like to have ability to create email from an Incident Review dashboard (Actions - Run Adaptive Res... by evelenke Contributor in Splunk Enterprise Security 01-23-2019 1 0	1	0
Enable All Splunk Enterprise Security Features I am trying to use Splunk ES searches and summaries but i'm not sure where to start or what logs are required. My mai... by mgalos New Member in Splunk Enterprise Security 01-22-2019 0 5	0	5
drill down on dashboard? Hi My friends; I have the following search on dashboard for the top incident review, I need when click on specific ... by abdullahalhabba Explorer in Splunk Enterprise Security 01-22-2019 0 1	0	1
In Splunk Enterprise Security, how do you create a user role with ready-only access? Is there any way to create a user role with read-only access to a specific set of indexes? by sesharao92 Explorer in Splunk Enterprise Security 01-22-2019 0 3	0	3
ES app Incident review can not see any notable event I can find correlation searches created notable events: 01-20-2019 00:01:29.782 -0500 INFO sendmodalert - Invoking ... by mchang_splunk Splunk Employee in Splunk Enterprise Security 01-20-2019 0 1	0	1
Can you answer my question about WinEventLogs and XML in Splunk Enterprise Security?: (sourcetype=XmlWinEventLog vs. sourctype=WinEventLog) General Splunk question on ingesting Windows Event Logs. We're currently using XML to ingest all of our Windows Eve... by GenericSplunkUs Path Finder in Splunk Enterprise Security 01-19-2019 0 3	0	3
ES Analytic Story でエラーが表示されます ESでAnalytic Storyを新規で作成しようとしたら、下記のエラーが表示されて先に進みません。 Fetch failed: analyticstories/configs/analytic_story_category ... by nfutatsugi_splu Splunk Employee in Splunk Enterprise Security 01-18-2019 0 1	0	1
Search in incident review page Hi everyone I’m trying to make search by comment in the incident review page, but splunk cant find any results. Whe... by matankar Engager in Splunk Enterprise Security 01-17-2019 0 6	0	6
How to bulk delete multiple host from Splunk not data Hello Experts, Good Morning, How to bulk delete multiple host from Splunk not data. Kindly help with the query. T... by pavi_pavi_p Engager in Splunk Enterprise Security 01-16-2019 0 5	0	5
How can I create a credential containing a backslash? Hi, I am trying to create a credential in Splunk Enterprise Security's credential management feature, but I keep get... by khagan Path Finder in Splunk Enterprise Security 01-16-2019 0 1	0	1
Splunk app sideload/reverse engineer Hey all, I came across Website Monitor splunk app and its exactly what we need to monitor all of our tools. Problem ... by danrogers1982 Engager in Splunk Enterprise Security 01-16-2019 0 4	0	4
Slack Webhook alert not showing as an Adaptive Response in ES Having trouble getting the Slack Webhook Alert to show as an option as an adaptive response under a correlation searc... by jpolcari22 New Member in Splunk Enterprise Security 01-16-2019 0 0	0	0
Separating Kerberos Events in Datamodel.Authentication Greetings-- Kerberos will attempt to impersonate a user by requesting tickets from the Domain Controllers on any dom... by richardphung Communicator in Splunk Enterprise Security 01-16-2019 0 1	0	1
Catalog of reports Hi, Is there a "master" list or "catalog" of reports/dashboards that are available OOTB for Splunk UBA and Splunk ES... by vanvan Path Finder in Splunk Enterprise Security 01-16-2019 1 2	1	2
Splunk Alert using Splunk ITSI Notable Event - Creating a Service Now Incident In Splunk Enterprise I have alerts. Now I want to create Servicenow incidents by adding the alert action using ITSI N... by t_splunk_d Path Finder in Splunk Enterprise Security 01-15-2019 1 0	1	0
Resilient-Add on - pre populate fields How would I go about pre-populating the fields from splunk (ex. $name$) to the resilient action/app and have this set... by arlombar Explorer in Splunk Enterprise Security 01-15-2019 0 0	0	0
Splunk enterprise security Is there any way to get all the splunk instances details ( all the search heads, indexers, forwarders etc) from the m... by ninja3526 New Member in Splunk Enterprise Security 01-15-2019 0 3	0	3
CVSS VECTOR STRING field error Qualys TA Has anyone had an issue with the qualys-technology-add-on-ta-for-splunk_134 TA that started today? It looks like the ... by kaw243 Explorer in Splunk Enterprise Security 01-14-2019 1 6	1	6