Splunk Enterprise Security

Discussions

Thread Info

Splunk ESS index does not have any data

Hi all, I am new to splunk. I have installed splunk ESS(5.2) on search head. Splunk environment has one search hea...

by Path Finder in

Same Licence over multiple instances

Hi, We have an enterprise version of Spunk and are running numerous instances of Splunk with LicenceMaster. We have o...

by New Member in

Can you help me come up with the regex to extract multiple format events?

2018-09-28 14:33:23,Virus found,IP Address: 127.0.0.1,csk name: abcd012018-09-25T09:07:02.240377+00:00 0.0.0.0 Sep 25...

by Path Finder in

ES Health "unshipped" audit

Hi there, Is the ES health audit upgrade, "unshipped" section entirely accurate? Asking as there have been multipl...

by Builder in

How can I use an inputlookup command to return results that are not limited to one file?

I want to use inputlookup to search only a certain set of hosts. These are in a .csv file. I have the query and it's ...

by Communicator in

Investigation tab Access to user with ess_user role

Hello Team , we have some managers whom i gave access with ess_user role so that they can view dashboards and pane...

by Path Finder in

How to get lookup results into datamodel

I am trying to get lookup results into accelerated datamodel, but no luck so far. I am using network_traffic datamode...

by Explorer in

ERROR S2SFileReceiver - event=onFileOpened replicationType=eArtifactFiles

Hi there, Has anyone ever seen this error before? ERROR S2SFileReceiver - event=onFileOpened replicationType=eA...

by Builder in

Splunk dashboard user session never expires

Hello guys, We are using SH Clustering with Eneterprise SEcurity with F5 Load balancer. We have a requirement from...

by Path Finder in

Can you help me a problem I'm having with BRO's DNS logs and Correlation Searches?

The Detect Long DNS TXT Record Response does not show anything: | tstats count min(_time) as firstTime max(_time) ...

by Path Finder in

Splunk Enterprise Security create alerts for multiple threshold values

Hello, we have Splunk ES and using Malware datamodel. Requirement is like this and everything need to be in one s...

by Path Finder in

Recommendation for Splunk Enterprise Security architecture in distributed environment

Hi Splunkers, I need some help in planning an ES environment set. Background: We have ES running on a Splunk insta...

by Path Finder in

Can we setup Cisco Firepower eNcore App for Splunk on HF?

hi Team, We are using FMC v6.* version. To integrate the logs of FirePower managemnet console can someone guide me...

by Explorer in

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

Followed the following documentation for setup: https://www.secopshub.com/t/managing-splunk-es-notable-events-in-s...

by Explorer in

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

Hi team! I need help. I have these errors from a long time ago but I didn't notice. Everything works but I need...

by Path Finder in

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

Hello, Our correlation search for "account deleted" in Splunk is firing for any type of machine deletion detected ...

by Path Finder in

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

I am trying to delete an alert but am getting the following error: " Cannot edit report that is embedded and it will ...

by Explorer in

Is CIM app compliance backward compatible?

I have a customer that is upgrading Splunk Core from 6.3.3 to 7.1 and Splunk Enterprise Security (ES)/CIM from 4.7.2 ...

by Splunk Employee in

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Pretty straightforward question. The older guides aren't accurate, I want an up to date guide for doing this. Blah bl...

by Explorer in

Custom dashboards from a search

Hi, I have a local admin search being sent to Splunk from Tenable IO. It lists all the machines (asset) name and e...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk ESS index does not have any data

Same Licence over multiple instances

Can you help me come up with the regex to extract multiple format events?

ES Health "unshipped" audit

How can I use an inputlookup command to return results that are not limited to one file?

Investigation tab Access to user with ess_user role

How to get lookup results into datamodel

ERROR S2SFileReceiver - event=onFileOpened replicationType=eArtifactFiles

Splunk dashboard user session never expires

Can you help me a problem I'm having with BRO's DNS logs and Correlation Searches?

Splunk Enterprise Security create alerts for multiple threshold values

Recommendation for Splunk Enterprise Security architecture in distributed environment

Can we setup Cisco Firepower eNcore App for Splunk on HF?

trying to get the swimlane app working in SplunkES. keep receiving connection errors although the network FWs are allowing the traffic.

In Splunk Enterprise Security, will you help me fix the following error: "Failed to start KV Store process. See mongod.log and splunkd.log for details."

How do you edit a correlation rule in a datamodel in Splunk Enterprise Security?

In Splunk Enterprise Security, why am I getting the following error when trying to delete an alert?

Is CIM app compliance backward compatible?

Where is the documentation for whitelisting vulnerability scanners in ESS version 5.1.1?

Custom dashboards from a search

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

Is it possible to make it mandatory to assign Disp...

Unable to open some correlation rules in Splunk en...

PCI Compliance- Why is Incident Review blank?

Create Notable Event Error (reading 'value')

Using relative_time to filter results before writi...