Splunk Enterprise Security

Community Activity
arlombar
How would I go about pre-populating the fields from splunk (ex. $name$) to the resilient action/app and have this set...
by arlombar Explorer in Splunk Enterprise Security 01-15-2019
0 0
ninja3526
Is there any way to get all the splunk instances details ( all the search heads, indexers, forwarders etc) from the m...
by ninja3526 New Member in Splunk Enterprise Security 01-15-2019
0 3
kaw243
Has anyone had an issue with the qualys-technology-add-on-ta-for-splunk_134 TA that started today? It looks like the ...
by kaw243 Explorer in Splunk Enterprise Security 01-14-2019
1 6
arlombar
I have a correlation search in which I use a simple eval command to create a new field (ex. eval test=123). This fiel...
by arlombar Explorer in Splunk Enterprise Security 01-14-2019
0 19
sharma_deeksha0
What are the prerequisites ? Is there any add on, if yes, where to install that add on (instance)?
by sharma_deeksha0 New Member in Splunk Enterprise Security 01-13-2019
0 0
deepjyotichangm
Splunk Add on for Nessus 5.1.4 not compatible with Nessus Professional ver. 8. Any other option to pulling the logs?
by deepjyotichangm Engager in Splunk Enterprise Security 01-13-2019
1 0
kokanne
I want to make a usecase that will detect the usage of several destination port numbers. For this, I think it's easie...
by kokanne Communicator in Splunk Enterprise Security 01-11-2019
0 3
IWilsonR
Enterprise Security notable events, how to calculate Alert acknowledged / Alert closed Report?? Is there any report i...
by IWilsonR Engager in Splunk Enterprise Security 01-11-2019
0 3
gworkun
Hey Team, Wanted to be able to send an email as an Adaptive Response for a correlation search per result. Just like ...
by gworkun Explorer in Splunk Enterprise Security 01-11-2019
3 1
radam2000
If I update the assets.csv lookup for ES, how do I update the datamodel as it doesn't show my updates?? | from datamo...
by radam2000 Path Finder in Splunk Enterprise Security 01-11-2019
0 2
SunilMaharishi
Hello Team, I have been working on filtering of some noisy windows event logs from indexing and before doing this ...
by SunilMaharishi Path Finder in Splunk Enterprise Security 01-11-2019
0 2
rbal_splunk
Using the ESCU app viewing an Analytic Story searches, selecting the "Configure in ES" erroneously adds "- Rule to th...
by rbal_splunk Splunk Employee in Splunk Enterprise Security 01-10-2019
0 1
srickermartin
ES Incident review Contextualize and Investigate returns blank results page. This looks like it would be a nice addit...
by srickermartin Engager in Splunk Enterprise Security 01-10-2019
0 1
ibmresilient
Is it possible to get some simulation data for ESCU? Right now all searches just return nothing for our instance. O...
by ibmresilient Path Finder in Splunk Enterprise Security 01-09-2019
0 3
DEAD_BEEF
I'd like to create an auditing like dashboard panel that shows the user, the name of the correlated rule, the action ...
by DEAD_BEEF Builder in Splunk Enterprise Security 01-09-2019
0 3
utk123
My estreamer to device connection was down for sometime, so now I want to upload missing device logs to splunk. I th...
by utk123 Path Finder in Splunk Enterprise Security 01-09-2019
0 1
mmoermans
When matching against threat intel the notable events only shows the source and destination of the matched event. Is ...
by mmoermans Path Finder in Splunk Enterprise Security 01-09-2019
0 1
16gym
My splunk server and remote host server is in the same network. In the Splunk server, I went Settings-->Data inputs--...
by 16gym New Member in Splunk Enterprise Security 01-09-2019
0 1
shiftey
Hi, I'm using the below search and wish to create a notable event from the search. (filtered to not show company info) ...
by shiftey Path Finder in Splunk Enterprise Security 01-06-2019
1 4
amtm
Within the ESS application, I created a simple saved dashboard based upon a search: Splunk -> ESS -> Search Speci...
by amtm Engager in Splunk Enterprise Security 01-04-2019
0 4
horanman01
I am a recent hire and am in a predicament. Our Splunk environment is pretty typical, there are clustered indexers/se...
by horanman01 Explorer in Splunk Enterprise Security 01-04-2019
0 2
mobin786
I am sending SRX SD logs to Splunk and it is not showing up correctly. Splunk unable to recognize the fields with the...
by mobin786 New Member in Splunk Enterprise Security 01-03-2019
0 0
simonsigre
Our team is currently updating the field extraction for the existing Splunk Add-on for Check Point OPSEC LEA (https:/...
by simonsigre Path Finder in Splunk Enterprise Security 01-02-2019
1 0
cbrodeur
Hello, After a recent upgrade to Splunk Version 7.1.4 and Enterprise Security 5.1.4 we are experiencing an issue whe...
by cbrodeur Engager in Splunk Enterprise Security 12-31-2018
0 0
hariskhan
Hi all, I have a single splunk server machine running splunk enterprise 7. How can I create high availability solutio...
by hariskhan Explorer in Splunk Enterprise Security 12-30-2018
0 4