Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Local lookup CSV to Threat Intel KV timestamp - age out indicators

Has anyone tackled IOC expiry / timestamp issues between a local lookup and the Splunk ES Threat Intel KV store ? ...

by Path Finder in

Custom Role Inheritance Is Not Working In ES App After Upgrade

Customer have created SOC l1 and SOCl 2 custom roles, SOC l1 has the inherited role ES analyst, ES user and user. ...

by Splunk Employee in

How do you normalize time fields, and then use them to compare two different source types?

Hi All, While trying to build a correlation search, I have run into a standpoint, where I need some help. I have t...

by Communicator in

Check if new software detected exists/doesn't exist in Lookup

I am trying to find out when a new software get installed on any end point. and I also have a script running to colle...

by New Member in

In Splunk Enterprise Security, can you help me fix my search that uses the tstats command with a NOT operator?

I'm trying to use the NOT operator in a search to exclude internal destination traffic. Any help would be great! |...

by New Member in

integrate splunk enterprise security with Active Directory 、Linux system log etc. to detect security events best practices

Hi everyone, I'm a splunk es novice. I would like to ask about best practices for ingesting data into ES . for ...

by Contributor in

CIM: About the flexibility of the action field

Hello again, I'm developing a compliance app, the intention is to make it the more CIM compliant as possible, but ...

by Communicator in

NFR license for Splunk ES

Hi , I have partnered with Splunk ES and I would like to know whether my partnered account has a NFR license? If not ...

by New Member in

Overlapping window frame and throttling produce false positives and false negatives

Hello, Please, who can help with a solution for the below scenario that in my case produces false positives, false NE...

by Explorer in

Will my multi-site clustering setup in Splunk Enterprise result in data loss?

I have 2 sites with Multi-site clustering enabled, with one site as 3 indexes, 15Tb disk each, and another site with ...

by New Member in

In Splunk Enterprise Security, how do you monitor a shared directory on multiple servers?

server 1 server 2 server 3 monitoring location is shared \server[1-3]\logs\serevr.log server[1-3] is able to re...

by Explorer in

Where can I find a complete list of certifications on 1 page ?

Looking for a brief list of all the certifications related to Splunk Enterprise Security

by Engager in

What is the Identity Management data model for?

I am trying to configure Splunk ES app. Need to know what exactly Identity_Management data model means. Any though...

by Path Finder in

Splunk ES Installation and Configuration dashboard error.

I first time installing ES apps on Splunk Enterprise 7.2.1 with ES version 5.2.0. Splunk Environment:- 1 SH standa...

by New Member in

High Bandwidth usage from same source

Trying to monitor a source for high network bandwidth usage , would appreciate leads

by New Member in

Compare if field1 == field2 and if field2 = field3 and so on. Building a process tree.

I'm trying follow a process to see all of the child processes it created. Essentially i have events that has the ...

by New Member in

Events now Missing from Regular/Notable Index

We have an alert that we had setup to create a notable event and email a notification when a particular Windows Event...

by Loves-to-Learn Lots in

Why is the ES Incident Review page still lists deleted Correlation Searches in the Multiselect box "Correlation Search Name"?

The ES Incident Review page still lists deleted Correlation Searches Names in the Multiselect box "Correlation Search...

by Splunk Employee in

Enterprise Security connect to firewall and block IP addresses?

Hi guys, There is a way that i can automate block IP addresses in my firewall with a script? Where can i put my...

by Explorer in

Is there a way to run a search with an adaptive response?

I am currently in the process of creating an adaptive response that I want to be able to add some user input into a l...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Local lookup CSV to Threat Intel KV timestamp - age out indicators

Custom Role Inheritance Is Not Working In ES App After Upgrade

How do you normalize time fields, and then use them to compare two different source types?

Check if new software detected exists/doesn't exist in Lookup

In Splunk Enterprise Security, can you help me fix my search that uses the tstats command with a NOT operator?

integrate splunk enterprise security with Active Directory 、Linux system log etc. to detect security events best practices

CIM: About the flexibility of the action field

NFR license for Splunk ES

Overlapping window frame and throttling produce false positives and false negatives

Will my multi-site clustering setup in Splunk Enterprise result in data loss?

In Splunk Enterprise Security, how do you monitor a shared directory on multiple servers?

Where can I find a complete list of certifications on 1 page ?

What is the Identity Management data model for?

Splunk ES Installation and Configuration dashboard error.

High Bandwidth usage from same source

Compare if field1 == field2 and if field2 = field3 and so on. Building a process tree.

Events now Missing from Regular/Notable Index

Why is the ES Incident Review page still lists deleted Correlation Searches in the Multiselect box "Correlation Search Name"?

Enterprise Security connect to firewall and block IP addresses?

Is there a way to run a search with an adaptive response?

Tips & Tricks When Using Ingest Actions

Announcing Our Splunk MVPs

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...

Splunk Security Analyst Workflows 7.1.0- Does filt...