Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
vanvan
Hi, Is there a "master" list or "catalog" of reports/dashboards that are available OOTB for Splunk UBA and Splunk ES...
by vanvan Path Finder in Splunk Enterprise Security 01-16-2019
1 2
1
2
t_splunk_d
In Splunk Enterprise I have alerts. Now I want to create Servicenow incidents by adding the alert action using ITSI N...
by t_splunk_d Path Finder in Splunk Enterprise Security 01-15-2019
1 0
1
0
arlombar
How would I go about pre-populating the fields from splunk (ex. $name$) to the resilient action/app and have this set...
by arlombar Explorer in Splunk Enterprise Security 01-15-2019
0 0
0
0
ninja3526
Is there any way to get all the splunk instances details ( all the search heads, indexers, forwarders etc) from the m...
by ninja3526 New Member in Splunk Enterprise Security 01-15-2019
0 3
0
3
kaw243
Has anyone had an issue with the qualys-technology-add-on-ta-for-splunk_134 TA that started today? It looks like the ...
by kaw243 Explorer in Splunk Enterprise Security 01-14-2019
1 6
1
6
arlombar
I have a correlation search in which I use a simple eval command to create a new field (ex. eval test=123). This fiel...
by arlombar Explorer in Splunk Enterprise Security 01-14-2019
0 19
0
19
sharma_deeksha0
What are the prerequisites ? Is there any add on, if yes, where to install that add on (instance)?
by sharma_deeksha0 New Member in Splunk Enterprise Security 01-13-2019
0 0
0
0
deepjyotichangm
Splunk Add on for Nessus 5.1.4 not compatible with Nessus Professional ver. 8. Any other option to pulling the logs?
by deepjyotichangm Engager in Splunk Enterprise Security 01-13-2019
1 0
1
0
kokanne
I want to make a usecase that will detect the usage of several destination port numbers. For this, I think it's easie...
by kokanne Communicator in Splunk Enterprise Security 01-11-2019
0 3
0
3
IWilsonR
Enterprise Security notable events, how to calculate Alert acknowledged / Alert closed Report?? Is there any report i...
by IWilsonR Engager in Splunk Enterprise Security 01-11-2019
0 3
0
3
gworkun
Hey Team, Wanted to be able to send an email as an Adaptive Response for a correlation search per result. Just like ...
by gworkun Explorer in Splunk Enterprise Security 01-11-2019
3 1
3
1
radam2000
If I update the assets.csv lookup for ES, how do I update the datamodel as it doesn't show my updates?? | from datamo...
by radam2000 Path Finder in Splunk Enterprise Security 01-11-2019
0 2
0
2
SunilMaharishi
Hello Team , I have been working on filtering of some noisy windows event logs from indexing and before doing this ...
by SunilMaharishi Path Finder in Splunk Enterprise Security 01-11-2019
0 2
0
2
rbal_splunk
Using the ESCU app viewing an Analytic Story searches, selecting the "Configure in ES" erroneously adds "- Rule to th...
by rbal_splunk Splunk Employee Splunk Employee in Splunk Enterprise Security 01-10-2019
0 1
0
1
srickermartin
ES Incident review Contextualize and Investigate returns blank results page. This looks like it would be a nice addit...
by srickermartin Engager in Splunk Enterprise Security 01-10-2019
0 1
0
1
ibmresilient
Is it possible to get some simulation data for ESCU? Right now all searches just return nothing for our instance. O...
by ibmresilient Path Finder in Splunk Enterprise Security 01-09-2019
0 3
0
3
DEAD_BEEF
I'd like to create an auditing like dashboard panel that shows the user, the name of the correlated rule, the action ...
by DEAD_BEEF Builder in Splunk Enterprise Security 01-09-2019
0 3
0
3
utk123
My estreamer to device connection was down for sometime, so now I want to upload missing device logs to splunk. I th...
by utk123 Path Finder in Splunk Enterprise Security 01-09-2019
0 1
0
1
mmoermans
When matching against threat intel the notable events only shows the source and destination of the matched event. Is ...
by mmoermans Path Finder in Splunk Enterprise Security 01-09-2019
0 1
0
1
16gym
My splunk server and remote host server is in the same network. In the Splunk server, I went Settings-->Data inputs--...
by 16gym New Member in Splunk Enterprise Security 01-09-2019
0 1
0
1
shiftey
Hi Im using the below search and wish to create a notable event from the search. (filtered to not show company info) ...
by shiftey Path Finder in Splunk Enterprise Security 01-06-2019
1 4
1
4
amtm
Within the ESS application, I created a simple saved dashboard based upon a search: Splunk -> ESS -> Search Speci...
by amtm Engager in Splunk Enterprise Security 01-04-2019
0 4
0
4
horanman01
I am a recent hire and am in a predicament. Our Splunk environment is pretty typical, there are clustered indexers/se...
by horanman01 Explorer in Splunk Enterprise Security 01-04-2019
0 2
0
2
mobin786
I am sending SRX SD logs to Splunk and it is not showing up correctly. Splunk unable to recognize the fields with the...
by mobin786 New Member in Splunk Enterprise Security 01-03-2019
0 0
0
0
simonsigre
Our team is currently updating the field extraction for the existing Splunk Add-on for Check Point OPSEC LEA (https:/...
by simonsigre Path Finder in Splunk Enterprise Security 01-02-2019
1 0
1
0
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...