Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Recommendation for Splunk Enterprise Security architecture in distributed environment

Hi Splunkers, I need some help in planning an ES environment set. Background: We have ES running on a Splunk insta...

by Path Finder in

Can we setup Cisco Firepower eNcore App for Splunk on HF?

hi Team, We are using FMC v6.* version. To integrate the logs of FirePower managemnet console can someone guide me...

by Explorer in

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

Followed the following documentation for setup: https://www.secopshub.com/t/managing-splunk-es-notable-events-in-s...

by Explorer in

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

Hi team! I need help. I have these errors from a long time ago but I didn't notice. Everything works but I need...

by Path Finder in

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

Hello, Our correlation search for "account deleted" in Splunk is firing for any type of machine deletion detected ...

by Path Finder in

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

I am trying to delete an alert but am getting the following error: " Cannot edit report that is embedded and it will ...

by Explorer in

Is CIM app compliance backward compatible?

I have a customer that is upgrading Splunk Core from 6.3.3 to 7.1 and Splunk Enterprise Security (ES)/CIM from 4.7.2 ...

by Splunk Employee in

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Pretty straightforward question. The older guides aren't accurate, I want an up to date guide for doing this. Blah bl...

by Explorer in

Custom dashboards from a search

Hi, I have a local admin search being sent to Splunk from Tenable IO. It lists all the machines (asset) name and e...

by Explorer in

Splunk Enterprise Security: Top Notable Event Sources: Whitelist

Is there a "simple" way to whitelist an IP address that is showing up in the "Top Notable Event Soucres", within Splu...

by Path Finder in

Notable events missing from incident review

Hi guys, I have an issue with splunk ES, any help would be much appreciated. The symptoms - some correlation searches...

by Explorer in

Has anyone scrubbed proofpoint's TAP sourcetype for alerting?

Has anyone scrubbed Proofpoint's TAP sourcetype for alerting? Any common use rules or which conditions and fields wou...

by New Member in

Can you help me input Cisco AMP events to Splunk Enterprise Security?

Hi, I have installed Cisco AMP app on our indexer and i can see AMP events coming in. But, I can't see any malware...

by Path Finder in

ES 5.1のアップグレード後にUIにアクセスできない

Splunkを7.1.1に、そしてESを5.1にアップグレードしたあとに、ESのsearch headを再起動したところ、UIにアクセスできなくなりました。原因および回避策を教えて頂けますか。

by Contributor in

グラステーブルのAd hoc Searchで"invalid search or missing required fields for thresholding"というエラーが表示される

グラステーブルを自分で作ってみたいと思い、既存のアイテムと同じ設定を使いましたが、Viz Typeの種類によってエラーが表示されます。例えば、"Web Browser"グループにある"Web - Source Count"を参...

by Explorer in

ES Contents Update - "Run Analytics"ボタンからの検索画面でエラーが出ます

ES Contents Update を使用し始めましたが、"Analytic Story Detail"画面内にある"Run Analytics"ボタンを押すと、検索画面でエラーが出てしまいます。なぜでしょうか？

by Explorer in

Splunk Integration with BMC CMDB

Hi All, We are looking for integration between BMC CMDB and Splunk 7.2. as the integration is not out of the box s...

by New Member in

How can I ensure that my upgrade of Splunk Enterprise Security doesn't affect my data model acceleration enforcement settings?

Data model acceleration enforcement causing issues with Enterprise Security upgrade I upgraded ES from 5.0.0 to 5....

by Contributor in

How to make a dashboard input to use multiple values as an input?

Hello, I'm trying to make a dashboard input to use multiple values as input. I don't know how to make the query w...

by Communicator in

In Splunk Enterprise Security, how do you search for matching events between two groups of IP addresses?

I am trying to search for events that contain one IP from each of the two groups of IP addresses. For instance: in...

by New Member in

How do I use regex to select a string between two colons?

I have a field (myfield) whose values are as follows: "0051: IP: Source IP Address Spoofed (Impossible Packet)" ...

by New Member in

How come my Splunk Enterprise security set up has failed?

Hi all, I tried to install a new version of Splunk Enterprise Security. But the set up failed with the error I...

by Path Finder in

CEF Files on Syslog-NG with Universal Forwarder

We use Websense in the Cloud, and their method for retrieving log files is to use a perl script which pulls down the ...

by Engager in

How do I configure Splunk to monitor network traffic on Juniper devices?

Hello. I want to monitor the network traffic in my Company using Splunk. I have configured Splunk to read syslog ...

by Explorer in

How do you encrypt and decrypt whole event data within Splunk?

Hello, I have to Encrypt and Decrypt whole event data within Splunk. **Encrypt -** Our application logs a...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Recommendation for Splunk Enterprise Security architecture in distributed environment

Can we setup Cisco Firepower eNcore App for Splunk on HF?

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

Is CIM app compliance backward compatible?

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Custom dashboards from a search

Splunk Enterprise Security: Top Notable Event Sources: Whitelist

Notable events missing from incident review

Has anyone scrubbed proofpoint's TAP sourcetype for alerting?

Can you help me input Cisco AMP events to Splunk Enterprise Security?

ES 5.1のアップグレード後にUIにアクセスできない

グラステーブルのAd hoc Searchで"invalid search or missing required fields for thresholding"というエラーが表示される

ES Contents Update - "Run Analytics"ボタンからの検索画面でエラーが出ます

Splunk Integration with BMC CMDB

How can I ensure that my upgrade of Splunk Enterprise Security doesn't affect my data model acceleration enforcement settings?

How to make a dashboard input to use multiple values as an input?

In Splunk Enterprise Security, how do you search for matching events between two groups of IP addresses?

How do I use regex to select a string between two colons?

How come my Splunk Enterprise security set up has failed?

CEF Files on Syslog-NG with Universal Forwarder

How do I configure Splunk to monitor network traffic on Juniper devices?

How do you encrypt and decrypt whole event data within Splunk?

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions