Splunk Enterprise Security

Discussions

Thread Info

Installation of Httpedgegrid on Search heads of Splunk ES

Hi How to install the Httpedgegrid on Search heads of Splunk Enterprise Security. @mayurr98

by Explorer in

AD FS integration with Splunk

I’m in the process of on-boarding ADFS as a authentication and authorization log source for a number of applications ...

by New Member in

Best Practice: Separating Dev/Test and Prod Notables in Incident Review

I'm looking to provide two separate ES incident review views: one for rules that are live, and another for new rules ...

by Explorer in

Missing buttons on ES "Configure Navigation" page

I'm trying to follow the "Customize the Menu Bar" steps in https://docs.splunk.com/Documentation/ES/5.0.0/Admin/Custo...

by Explorer in

Enterprise Security: Upgrading from 4.1.x to 4.7.x version on SHC

I was looking into upgrade of ES from 4.1.x version to 4.7.x version. (alongside Splunk). I can see ES changed dramat...

by Super Champion in

How to automatically generate shortIDs to link/share notables event on the ES Incident Review dashboard?,How to automatically generate shortIDs to link and share notable events on the ES Incident Review dashboard?

From the Incident Review dashboard > Actions is possible to Share Notable Events. To get the URL of the notable event...

by Explorer in

A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?

Started getting the following alert after installing ES in our environment. A threat intelligence download has fai...

by Explorer in

Splunk PCI Installation of indexes

Hello, I am installing Splunk PCI app 3.5.0 on an environment that is made of a Search Head and two indexers (not clu...

by Communicator in

How do I set the security_domain in a notable event?

All, I have an alert, which creates a notable event in Splunk ES 5.0. Working pretty good, but I can't set the se...

by Builder in

How to add a custom lookup in Enterprise Security?

I have seen documents for this. As per document path should be below. Select Configure > Content Management. Click C...

by Path Finder in

Send ES notable events to third party API

Hello, I am trying to send notable events to third party API. Can I use webhook to POST notable event details on t...

by New Member in

Splunk App for Enterprise Security: How to add additional fields to events under "Incident Review"?

Hi, We have a requirement to add some additional fields to events under "Incident Review" for IOCs (I have looked ...

by Influencer in

Is there a way to add searchable splunk Notable Event metadata ?

All, I though it would be nice for PCI guy to search the top right by PCI DSS req, say like "10.1" its working fo...

by Builder in

Splunk enterprise security user acceptance test, test use cases

We deploying Splunk enterprise security ( SIEM) solution) and it is in the final implementation stage. does anyone ha...

by New Member in

difference between firewall log management and Splunk Security Log management as a SIEM

by Engager in

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

Hi I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the...

by New Member in

Integration: Splunk Enterprise Security (ES) to Anomali Limo?

Has anyone had luck defining Anomali Limo as a TAXII feed in Splunk Enterprise Security (ES)? Our internal STAXX a...

by New Member in

Add comment field in incident review page.

Can I add comment field as table attribute in incident review page. For that what would be field name so I can map it...

by Path Finder in

AutoJoin / Concatenate: How to add data to a column without reference?

Hi all, I want to add rows to a column for which values have no direct relationship with any data (a forced join) ...

by New Member in

I am searching for a query

I am new to Splunk (Enterprise Security) and I am stuck on making a certain correlation search. An example of the ...

by Engager in

Splunk Enterprise Security

Discussions

Installation of Httpedgegrid on Search heads of Splunk ES

AD FS integration with Splunk

Best Practice: Separating Dev/Test and Prod Notables in Incident Review

Missing buttons on ES "Configure Navigation" page

Enterprise Security: Upgrading from 4.1.x to 4.7.x version on SHC

How to automatically generate shortIDs to link/share notables event on the ES Incident Review dashboard?,How to automatically generate shortIDs to link and share notable events on the ES Incident Review dashboard?

A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?

Splunk PCI Installation of indexes

How do I set the security_domain in a notable event?

How to add a custom lookup in Enterprise Security?

Send ES notable events to third party API

Splunk App for Enterprise Security: How to add additional fields to events under "Incident Review"?

Is there a way to add searchable splunk Notable Event metadata ?

Splunk enterprise security user acceptance test, test use cases

difference between firewall log management and Splunk Security Log management as a SIEM

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

Integration: Splunk Enterprise Security (ES) to Anomali Limo?

Add comment field in incident review page.

AutoJoin / Concatenate: How to add data to a column without reference?

I am searching for a query

Security Essentials / MITRE ATT&CK

Parsing the "_raw" field of Splunk Python SDK resu...

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...