All Posts


Hi @Rupert.Broad, do you perhaps have some steps I could follow to install the .NET and Machine agents on Fargate containers? I'm having a tough time finding the correct steps to follow and I need to get this done. Thanks in advance. Shane.
I have installed a vulnerable web application on my Win 10 OS through XAMPP. Now I have set up my Splunk Enterprise to test the effect of various attacks on the target DVWA web application. or 1=1; -- this is a SQL injection attack
@Venkata.Vadlamani, hope you are well. Have you managed to get this right for Fargate containers? Regards. Shane.
As this relates to licensing and expansion, this is best discussed with your Splunk Sales Representative - you should have the Splunk contacts within your organisation.
I have installed the Splunk ES app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data), but incident_review and ess_security_posture are not hitting any event. How do I make Splunk ES check my uploaded logs and generate a list of alerts like below? Please note that I am not checking the logs forwarded by an agent, but the log files uploaded on the browser side. Thank you.
Good day @Venkata.Vadlamani, hope you are well. Did you ever manage to get the monitoring right with Fargate? I need to install the same on containers and also have Java and .NET agents. Please advise? Regards. Shane.
Hi, our company is using Splunk Enterprise with 600GB/day for our SOC, and now we would like to use this license to extend for our new Private Cloud Managed SOC. Is it possible and legal with the Splunk license terms?
Try something along these lines:

- Have the "button" set a token, e.g. "add_comment"
- Have a (hidden) search which is dependent on the token e.g. "| eval _active="$add_comment$"
- Update the lookup in the (hidden) search (using the text box token)
- In the <done> handler of the search, unset the "add_comment" token

The idea is that the (hidden) search is executed whenever the add_comment token is not null, and it resets the token to null when the search is complete (ready for the next time).
Hi @hohyuon , good for you, see next time! let us know if we can help you more, or, please, accept one answer for the other people of Community. Ciao and happy splunking Giuseppe P.S.: Karma Points are appreciated by all the contributors
Hi @P47R14RCH, even I'm facing the same issue, did you find any solution?
Hi all, I am trying to add a text box and a button to a visualisation as a way of adding a 'commentary' on the chart. For example, if the chart shows something unusual, I'd like to be able to enter a reason in the text box e.g. 'Some figures for this month are missing', then click the button and the current date and that comment from the box would be added to the lookup. I do currently have a solution of sorts but it's very clunky as it involves setting a token in a text box and then a html button which opens a URL but the URL is actually the search (search?q=%7Cmakresults%0A%7Ceval%20Date%3D...). This results in a new tab being opened and the
What is it you are trying to do? What is the "' or 1=1; --" supposed to be doing? Please share some anonymised representative events so we can see what you are dealing with (amazingly, we don't have access to your systems or your data!)
OK That's funny! ChatGPT! No wonder you still have issues! 
Do you mean something like this:

    <row>
      <panel depends="$stayhidden$">
        <html>
          <style>
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) {
              display: flex !important;
            }
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell {
              padding-left: 4px;
              padding-right: 4px;
              margin-left: 4px;
              margin-right: 4px;
              border: 2px solid white !important;
              border-radius: 8px !important;
              color: white !important;
              box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 2px 2px 4px 0 rgba(0,0,0,.25) !important;
            }
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell:hover {
              box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 0 12px 16px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19) !important;
              transform: translateY(-1px) !important;
            }
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell:active {
              box-shadow: inset 0 0 3px 0 rgba(0,0,0,.4), inset 0 0 3px 5px rgba(0,0,0,.05), inset 2px 3px 4px 0 rgba(255,255,255,.6), 0 8px 16px 0 rgba(0,0,0,0.24), 0 13px 50px 0 rgba(0,0,0,0.19) !important;
              transform: translateY(2px) !important;
            }
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell {
              background-color: yellow !important;
              color: black !important;
            }
            div[id="states"] tr[data-view$="ResultsTableRow"] td:nth-child(2) .multivalue-subcell[data-mv-index="0"] {
              display: none !important;
            }
          </style>
        </html>
      </panel>
      <panel>
        <table id="states">
          <title>States $state$</title>
          <search>
            <query>| makeresults count=10
    | eval event=random() % 3
    | eval state=mvindex(split("ACTIVE,SLEEP,DEAD",","),random() % 3)
    | stats values(state) as state by event
    | eval state=mvappend("extra",state)</query>
            <earliest>-24h@h</earliest>
            <latest>now</latest>
          </search>
          <option name="drilldown">row</option>
          <drilldown>
            <eval token="state">$click.value2$</eval>
          </drilldown>
        </table>
      </panel>
    </row>
Hi @Ahmed_340 , see in the Splunk Security Essentials App (https://splunkbase.splunk.com/app/3435 ) you can find your Use Case and also test data. Ciao. Giuseppe
Hello, I am a newbie. Where can I get the demo data to practice different attack detection in Splunk Enterprise?
Here is the fresh code:

    index="dvwa_logs" host="DESKTOP-OKV6K44" sourcetype="access_combined" (" ' or 1=1; -- " OR " admin' OR '1'='1 ") | stats count by source_ip, uri, _time

Still not working. I have injected ' or 1=1; -- this in the input field.
I am a newbie, please help me to correct my code. Tried to correct that with ChatGPT. It said the code is OK.
Does anybody know, when I click a value in a table cell, how I render an input btn?
I have one more question. Can I use one Heavy Forwarder for all apps with script inputs, or would it be better to deploy a separate instance for every app? Thanks for your help!