Splunk Enterprise Security

Community Activity

In the Lookup File Editor App, can you help me with the lookup permissions? Hi, When having lookups contained within an app, is it possible to set user permissions at the 'app' level as oppose... by jacqu3sy Path Finder in Splunk Enterprise Security 02-07-2019 0 2	0	2
How do I add macros into my search? Would any one know how to look up the name of a person who owns a notable event using the owner field? This is my sea... by wrosadj New Member in Splunk Enterprise Security 02-07-2019 0 2	0	2
Any idea how I can troubleshoot this indexes.conf config? All, I have this indexes.conf and added a frozen archive. The path is fully readable and writable by the Splunk use... by daniel333 Builder in Splunk Enterprise Security 02-05-2019 0 2	0	2
BlueCoat ThreatPulse -- Does anyone have experience logging data from ThreatPulse? Greetings - I'm using BlueCoat ThreatPulse as a web filter ('cloud' based). The only method to pull their logs is vi... by jasonportico Engager in Splunk Enterprise Security 02-05-2019 0 3	0	3
Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the current version will support the 7.0 and above Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the curren... by Mahesh08 New Member in Splunk Enterprise Security 02-04-2019 0 2	0	2
HPE Aruba ClearPass App for Splunk Enterprise: How to configure the app for my Splunk instance? I have a Splunk instance with a Search Head (SH) and two load balanced Indexers. There are two Heavy Forwarders (HF) ... by MikeBertelsen Communicator in Splunk Enterprise Security 02-04-2019 0 5	0	5
ThreatQuotient Integration With Splunk ES App Hello All, I am currently working on integration of Threatquotient feed to Splunk. I am successful in getting the ... by ernst_young_chn Engager in Splunk Enterprise Security 02-04-2019 0 2	0	2
Add Adaptive Response fields to Notable Event I've done quite a bit of research on this top and I've found this post from a few years ago which references George S... by ericl42 Path Finder in Splunk Enterprise Security 01-31-2019 0 0	0	0
What is the purpose of the `useother` macro Looking at some of the built in dashboards in Enterprise Security, there is a macro named useother \| tstats count fr... by CSmoke Path Finder in Splunk Enterprise Security 01-31-2019 0 2	0	2
How Do I Map Splunk Security Content to MITRE ATT&CK? I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ES... by David Splunk Employee in Splunk Enterprise Security 01-31-2019 1 2	1	2
Splunk Azure Deployment questions Hey All, We are researching a potential Splunk deployment to the Azure cloud but had a few questions. In the docume... by adalbor Builder in Splunk Enterprise Security 01-30-2019 0 6	0	6
Does the Splunk Enterprise Security license expire? How does the Splunk enterprise security expire? Is it related to the license? My client is asking - if Enterprise S... by jadengoho Builder in Splunk Enterprise Security 01-30-2019 1 4	1	4
Splunk Enterprise Security App Integration with Ticketing / Incident Response System We recently emailed Splunk with some questions regarding the integration of Splunk Enterprise Security App into a tic... by fharding Explorer in Splunk Enterprise Security 01-30-2019 7 3	7	3
map_notable_fields in ES bug ? Hi guys I have this search: \| datamodel "Malware" "Malware_Attacks" search \| `drop_dm_object_name(Malware_Attacks)`... by agneticdk Path Finder in Splunk Enterprise Security 01-30-2019 0 2	0	2
Can you help us migrate Splunk Enterprise to Splunk Cloud? Hi Team, Recently, we have purchased Splunk Cloud for our organization. And currently we have all of our setup in o... by anandhalagarasa Path Finder in Splunk Enterprise Security 01-29-2019 0 3	0	3
metatada from index manipulation with aliases I wanted to use the metadata command to monitor the last time an IDS sensor fed in our index. Because we are using fi... by pavlni Engager in Splunk Enterprise Security 01-29-2019 0 1	0	1
Where I can find Interactive dashboard example for SOC/NOC ? I have seen splunk dashboard example but not find to interactive for my case.please suggest me some good example for ... by ajitshukla Explorer in Splunk Enterprise Security 01-28-2019 0 2	0	2
How to integrate Symantec Control Compliance Suite with Splunk ? How to integrate Symantec Control Compliance Suite with Splunk ? Has anyone done this before and how. by saurabh_tek11 Communicator in Splunk Enterprise Security 01-28-2019 0 2	0	2
Enterprise Security script exited abnormally status="exited with code 3" hi gents, we are getting the following error in our search heads. any ideas about what can be happening? I already c... by asimagu Builder in Splunk Enterprise Security 01-25-2019 3 24	3	24
In Splunk Enterprise Security, can you help me with my Use Cases set up? I want to set up a use case in Splunk, and I am new in this application Logon failures for a user ID during a partic... by arorayo New Member in Splunk Enterprise Security 01-25-2019 0 2	0	2
Configuring Notable event I am trying to create a notable event I am writing a query (index=****** EventCode=4771) in search App and then clic... by ajayrejin Explorer in Splunk Enterprise Security 01-25-2019 0 8	0	8
In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information? I am pulling information from a search that I need to keep but update on top of. For example, my search is finding ... by chandlercr New Member in Splunk Enterprise Security 01-23-2019 0 2	0	2
Help with Splunk Enterprise Security IP threat intelligence lookup Hello Splunkers, I want to create my own saved search in Splunk Enterprise Security working on IP threat intelligenc... by belasker New Member in Splunk Enterprise Security 01-23-2019 0 1	0	1
How to add email action into Adaptive Response in ES Hi Splunkers, I'd like to have ability to create email from an Incident Review dashboard (Actions - Run Adaptive Res... by evelenke Contributor in Splunk Enterprise Security 01-23-2019 1 0	1	0
Enable All Splunk Enterprise Security Features I am trying to use Splunk ES searches and summaries but i'm not sure where to start or what logs are required. My mai... by mgalos New Member in Splunk Enterprise Security 01-22-2019 0 5	0	5