Splunk Enterprise Security

Discussions

Thread Info

Splunk Enterprise Security: Why can't I create an ad-hoc notable event after upgrade?

We have just upgraded Splunk Enterprise 6.4.1 / Splunk Enterprise Security 4.1.1 to Splunk Enterprise 6.5.2 with Splu...

by Splunk Employee in

Splunk Enterprise Security

Hi, I have installed a splunk enterprise trial and also requested Splunk Enterprise Security. I noticed that when ...

by New Member in

Why do I receive error "Problem in indexer : Problem parsing indexes.conf: default index disabled - quit!" on the indexer?

Hello , I have a distributed architecture of Splunk Search Head with Splunk Enterprise Security and an indexer . I...

by Engager in

is it possible to create a new threat intelligence source with json format in Enterprise Security ?

Hey gents My customer is asking me to create a new threat intelligence source in the Enterprise Security app (vers...

by Builder in

domaintools (whois) alternatives for Enterprise Security

Hi all, Are there any alternatives to domaintools whois API for Enterprise Security integration? A lot of customer...

by Explorer in

How do I get the sessionKey from a Splunk app's serverside python code?

I have created a Splunk app and am sending ajax request to it from the browser. The serverside python code will th...

by Path Finder in

Substituting values from MV fields?

In Enterprise Security, for a drill down action I want to use a field from the notable events, which can have multi v...

by Communicator in

How to set up a SOC with Splunk ?

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

by New Member in

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

Since upgrading Splunk to 6.5.2, in the Splunk Enterprise Security (ES) search page I get "TypeError: message is unde...

by New Member in

How to create an alert that works with Fortigate Active Response?

Having a hard time getting an alert that works with FortigateAR. We want to use FortigateAR to block SourceIP based o...

by Engager in

Splunk Enterprise Security: Is it possible to embed an Adaptive Response hyperlink into the Notable Event Next Steps?

I know that it is possible to embed an Adaptive Response hyperlink into the next steps section of Splunk Enterprise S...

by Splunk Employee in

How can I display hosts which do not have AntiVirus installed but require it in Splunk Enterprise Security?

All, Might just be lack of caffeine here. But I can't quite get this subsearch working. I have my assets.csv ...

by Builder in

Splunk Enterprise Security: Is it recommended to turn data model acceleration on or use correlation search for the Identity Management data model?

Does it make sense to turn data model acceleration on for the Incident Management data model (default summary range i...

by Path Finder in

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_hash?

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.filehash or Email.filehas...

by Path Finder in

Splunk Enterprise Security

Discussions

Splunk Enterprise Security: Why can't I create an ad-hoc notable event after upgrade?

Splunk Enterprise Security

Why do I receive error "Problem in indexer : Problem parsing indexes.conf: default index disabled - quit!" on the indexer?

is it possible to create a new threat intelligence source with json format in Enterprise Security ?

domaintools (whois) alternatives for Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

Substituting values from MV fields?

How to set up a SOC with Splunk ?

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

How to create an alert that works with Fortigate Active Response?

Splunk Enterprise Security: Is it possible to embed an Adaptive Response hyperlink into the Notable Event Next Steps?

How can I display hosts which do not have AntiVirus installed but require it in Splunk Enterprise Security?

Splunk Enterprise Security: Is it recommended to turn data model acceleration on or use correlation search for the Identity Management data model?

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_hash?

Splunk Enterprise Security: Why does Inputlookup (kvstore) not showing all available fields?

Creating new notable events based on new inputs via Enterprise Security's correlation engine

Any recommendations on how to display Splunk Enterprise Security dashboards on our SOC wall display?

Commands not usable from Enterprise Security?

Splunk Enterprise Security: How to use Extreme Search to build Correlation Searches?

Splunk Enterprise Security: How to configure data enrichment?

ES Investigation Note Formatting

Why does modifying notable severity in Splunk ES i...

Splunk Stream: how to keep original host IP/name

Does anyone see potential issues with only pulling...

Where can I find information about threat detectio...