Best Practices for Maturing Your SOC from Splunk Professional Services PRACTITIONER LEVEL: Intermediate AUDIENCE: Splunk Administrators, Security Analysts, SOC Manager Part 3: Process
Is there a way to speed up this process? I have an assignment due, but I can't download the OVA of the free Community Edition of Phantom because my account is in review.
Monitor and Alert on Your Kubernetes Clusters in Seconds. TECH TALK: DevOps Edition. AUDIENCE: Splunk Administrator, (IT, Security, Data, Business) Analyst, DevOps Engineers, Developers, SREs. PRACTITIONER LEVEL: Good for All. Learn how to: deploy the Splunk OpenTelemetry Collector to gather Kubernetes metrics; simplify your alert strategy with out-of-the-box AutoDetect alerting; resolve issues quickly in your Kubernetes workloads and cut down alert storms.
Hi all, I'm trying to access the API from Postman, but I'm getting error 401. My question is: should the user/pass be the user I use to connect to the URL, or do I have to use the API client? Thanks.
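For the 401 question above, here is an added example (not the poster's code and not a Splunk-supplied client) showing the two credential forms the Splunk REST API on the management port accepts: the same Splunk username and password used for the web login, sent as HTTP Basic auth (what Postman's "Basic Auth" tab does), or a session key obtained from /services/auth/login and sent as `Authorization: Splunk <key>`. The management URL and the admin/changeme credentials are placeholders; the XML login response in the test is constructed to match the shape the endpoint returns.

```python
"""Authenticating to the Splunk REST API (management port, default 8089).

Added example; assumes a local instance at BASE_URL and placeholder
credentials. A 401 from /services/auth/login means the username/password
pair itself was rejected, independent of any later endpoint permissions.
"""
import base64
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

BASE_URL = "https://localhost:8089"  # assumption: default management port, local host


def basic_auth_header(username: str, password: str) -> dict:
    """HTTP Basic header: the same thing Postman builds from its Basic Auth tab."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def parse_session_key(login_response_xml: str) -> str:
    """Pull the session key out of the XML body /services/auth/login returns."""
    root = ET.fromstring(login_response_xml)
    node = root.find("sessionKey")
    if node is None or not (node.text or "").strip():
        raise ValueError("login response carried no sessionKey")
    return node.text.strip()


def session_header(session_key: str) -> dict:
    """Header for every later request; the scheme is 'Splunk', not 'Bearer'."""
    return {"Authorization": f"Splunk {session_key}"}


def _tls_context(verify_tls: bool) -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab box still on the default self-signed cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def login(base_url: str, username: str, password: str, verify_tls: bool = True) -> str:
    """POST credentials to /services/auth/login and return the session key."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(f"{base_url}/services/auth/login", data=body, method="POST")
    with urllib.request.urlopen(req, context=_tls_context(verify_tls), timeout=15) as resp:
        return parse_session_key(resp.read().decode())


def get_json(base_url: str, path: str, headers: dict, verify_tls: bool = True) -> bytes:
    """GET an endpoint as JSON using whichever Authorization header was built."""
    sep = "&" if "?" in path else "?"
    req = urllib.request.Request(f"{base_url}{path}{sep}output_mode=json", headers=headers)
    with urllib.request.urlopen(req, context=_tls_context(verify_tls), timeout=15) as resp:
        return resp.read()


if __name__ == "__main__":
    # Placeholder credentials (assumption): replace with a real Splunk user.
    key = login(BASE_URL, "admin", "changeme", verify_tls=False)
    # Shows which user and roles the session resolved to.
    print(get_json(BASE_URL, "/services/authentication/current-context",
                   session_header(key), verify_tls=False)[:300])
```

If Basic auth with the web-login credentials still returns 401, the password is wrong for that user or the user is disabled; if login succeeds but a later endpoint returns 403, the problem is the role's capabilities rather than the credentials. Leave TLS verification on outside a lab, and prefer a Splunk authentication token over a stored password for anything automated.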
Best Practices for Maturing Your SOC from Splunk Professional Services PRACTITIONER LEVEL: Intermediate AUDIENCE: Splunk Administrators, Security Analysts, SOC Manager Part 4: Data
Tips for Successful OpenTelemetry Deployment. TECH TALK: DevOps Edition. PRACTITIONER LEVEL: Good for All. AUDIENCE: Splunk Administrator, (IT, Security, Data, Business) Analyst, DevOps Engineers, Developers, SREs. Tune in to learn about: how to make changes to the OpenTelemetry data pipeline; troubleshooting tips when deploying the OpenTelemetry Collector; how to confirm the OpenTelemetry Collector is actively collecting telemetry data.
I'm getting a bit annoyed at throttling for each, as although it works, it has a habit of resetting itself if I need to tweak the SPL or the cron time... almost tempted to populate a KV store and take control... anyone else? Does editing savedsearches.conf, or the advanced edit option, allow you to get round what I perceive as annoying behavior?
MOST VALUABLE TECH TALKS: From Problem Detection to Resolution in Minutes with Splunk's Observability Suite. TECH TALK: DevOps Edition. AUDIENCE: Site Reliability Engineer, Platform and Cloud Operations. PRACTITIONER LEVEL: Intermediate. Tune in to learn: how to easily troubleshoot an issue with Splunk Observability Suite; other important observability use cases to help improve your monitoring; how to leverage two new products, Splunk RUM and Splunk Log Observer, in your workflow.
Hello, how would I specify the time frame in a search to give me the events between 7am and 5pm on weekdays, and all results for weekends, within the same search?
Can you please help me understand whether the Google Workspace Add-on is the equivalent update for the G Suite for Splunk add-on? Because we used G Suite earlier, and after seeing that the app had been updated we installed and configured Google Workspaces. But the sourcetypes and the way events are parsed are not similar to G Suite. Thanks in advance.
MOST VALUABLE TECH TALKS: Exploring Insights with ITSI Glass Tables. TECH TALK: IT Edition. AUDIENCE: Splunk Administrators, IT Analysts. PRACTITIONER LEVEL: Advanced. Tune in to see: a deep dive into the technology and use cases of Glass Tables; how glass tables can be used to articulate and visualize verticals; best practices on how to get started with a service-oriented approach.
MOST VALUABLE TECH TALKS: The Convergence of Observability & IT Teams. TECH TALK: IT Edition. AUDIENCE: Splunk Administrators, IT Analysts, NOC Managers, Site Reliability Engineers, Platform and Cloud Operations. PRACTITIONER LEVEL: Intermediate. Tune in to learn: how to utilize DSP to make sure you get the data you need at the right time, in the right place and for the right reason; how to harness the Splunk IT portfolio to locate, troubleshoot and resolve issues efficiently and effectively; best practices for data sources, infrastructure monitoring and service monitoring.
MOST VALUABLE TECH TALKS: Configure Data Ingestion for Splunk Infrastructure Monitoring. TECH TALK: DevOps Edition. AUDIENCE: Site Reliability Engineer, Platform, IT and Cloud Operations. PRACTITIONER LEVEL: Novice. Join this tech talk to learn more about: how to connect with AWS using CloudWatch polling, CloudWatch Metric Streams and the OpenTelemetry Collector; data ingestion from Kubernetes deployments such as Amazon EKS using the OpenTelemetry Collector in Splunk Infrastructure Monitoring and Splunk Cloud; automatic discovery and data ingestion with hundreds of pre-built integrations.
Pretty much the title. I tried messing with the user interface navigation settings, and the closest I can get is making the glass table lister the default page. But this also alters the user interface like so: [screenshot not reproduced]. That would be a separate issue. My main concern is making a specific glass table the default page when opening ITSI. Any help would be greatly appreciated.
Hello, below is the existing stanza in inputs.conf:

    [monitor:///var/log]
    whitelist=(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)
    blacklist=(lastlog|anaconda\.syslog)
    disabled = 1

I also want to add the folder /var/log/dynatrace to the blacklist, including any logs within that folder and its sub-folders. Can you please explain how this can be done? Is the syntax below correct?

    blacklist=(lastlog|anaconda\.syslog)|(dynatrace)

I appreciate your experience and help.
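An added example (not the poster's code, and not Splunk's own matcher) that runs the stanza's whitelist and blacklist regexes over constructed file paths to show what each blacklist variant would do. The matching rules are assumptions modelled on Splunk's documented behaviour for monitor inputs: both settings are unanchored regexes searched against the full path, and a path that matches the blacklist is excluded even if it also matches the whitelist. The sample paths are made up for the demonstration.

```python
"""What the [monitor:///var/log] whitelist/blacklist would admit.

Added example. Assumed semantics (per Splunk's monitor-input docs): each
regex is searched, unanchored, against the full file path; a blacklist
match excludes the file regardless of the whitelist.
"""
import re

# Regexes exactly as they appear in the stanza from the post.
WHITELIST = r"(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)"
BLACKLIST_CURRENT = r"(lastlog|anaconda\.syslog)"

# The form proposed in the post: valid regex, but "dynatrace" matches anywhere in the path.
BLACKLIST_LOOSE = r"(lastlog|anaconda\.syslog)|(dynatrace)"

# Anchored to the directory, so only files under /var/log/dynatrace/ (any depth) are dropped.
BLACKLIST_TIGHT = r"(lastlog|anaconda\.syslog|^/var/log/dynatrace/)"

# Constructed paths covering the interesting cases.
SAMPLE_PATHS = [
    "/var/log/messages",
    "/var/log/secure",
    "/var/log/cron",
    "/var/log/lastlog",
    "/var/log/anaconda.syslog",
    "/var/log/dynatrace/installer.log",
    "/var/log/dynatrace/oneagent/oneagent.log",
    "/var/log/app/dynatrace-export.log",   # unrelated app whose file name mentions dynatrace
]


def is_monitored(path: str, whitelist: str, blacklist: str) -> bool:
    """Apply the assumed Splunk rules: blacklist wins, then the whitelist must match."""
    if blacklist and re.search(blacklist, path):
        return False
    if whitelist and not re.search(whitelist, path):
        return False
    return True


def monitored_set(blacklist: str) -> list:
    """Sorted list of sample paths the stanza would collect with the given blacklist."""
    return sorted(p for p in SAMPLE_PATHS if is_monitored(p, WHITELIST, blacklist))


def excluded_by_change(old_blacklist: str, new_blacklist: str) -> list:
    """Paths that were collected before the blacklist change and are dropped after it."""
    before, after = set(monitored_set(old_blacklist)), set(monitored_set(new_blacklist))
    return sorted(before - after)


if __name__ == "__main__":
    for label, bl in (("current", BLACKLIST_CURRENT), ("loose", BLACKLIST_LOOSE), ("tight", BLACKLIST_TIGHT)):
        print(f"{label:8s} {monitored_set(bl)}")
    print("dropped by loose:", excluded_by_change(BLACKLIST_CURRENT, BLACKLIST_LOOSE))
    print("dropped by tight:", excluded_by_change(BLACKLIST_CURRENT, BLACKLIST_TIGHT))
```

The posted form `(lastlog|anaconda\.syslog)|(dynatrace)` is a valid alternation and does drop everything under /var/log/dynatrace, but it also drops any other path that merely contains "dynatrace"; anchoring the directory, as in `blacklist = (lastlog|anaconda\.syslog|^/var/log/dynatrace/)`, limits the exclusion to that tree. Two other checks before relying on it: a monitor stanza honours a single blacklist key, so additional patterns belong in the same alternation rather than a second line, and the stanza as posted has `disabled = 1`, so no change to the lists takes effect until that is set to 0.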
MOST VALUABLE TECH TALKS | SECURITY EDITION: What's New with Enterprise Security 7.0. PRACTITIONER LEVEL: Novice. AUDIENCE: Splunk Administrator (IT, Security, Data, Business), Analyst. Tune in to learn about: a quick recap of the updates in version 6.6; all the new features in 7.0, as well as a demo of the new user experience; how to learn more about Splunk Enterprise Security.
Splunk Intelligence Management for Splunk SOAR. TECH TALK: Security Edition. AUDIENCE: Splunk Administrators, Security Analysts, CISO. PRACTITIONER LEVEL: Intermediate. Learn how to: obtain prepared and normalized intelligence from internal and external sources for faster triage and more streamlined playbooks; automate based on IOC enrichment from Splunk Intelligence Management.
Automation for the Modern SOC: Splunk SOAR's App Editor. TECH TALK: Security Edition. AUDIENCE: Security Analysts, SOC Teams. PRACTITIONER LEVEL: Intermediate. Tune into the webinar, Automation for the Modern SOC: Splunk SOAR's New App Editor, to learn how to: easily view and add code, test actions, see log results, and troubleshoot apps; gain additional visibility into how an app functions; create fully custom actions or modify existing ones to suit your use cases.
The data I have is:

    816851-567-7554080981706881
    50A720 -123-8150015922249983
    816851-567-1135131573613120
    816851-567-0065137870504409
    50A720 -123-1135131573613120
    816851-567-0065137870504409
    50A720 -123-1135131573613120
    50A720 -123-0065137870504409

I want to extract 50A720 or 816851 using

    | rex field=name mode=sed "s/816851/"

but I'm getting the error: Error in 'rex' command: Failed to initialize sed. Failed to parse the replacement string.
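The sed error in the post comes from `s/816851/` having no replacement part and no closing delimiter: sed mode expects `s/<find>/<replace>/<flags>` and rewrites the field rather than extracting from it. Extraction is a capture-group job, in SPL `rex field=name "^(?<prefix>816851|50A720)"`. The block below is an added example (not the poster's code) that shows the same two regex operations over constructed sample values in Python, whose named-group syntax is `(?P<name>...)` where Splunk's PCRE uses `(?<name>...)`; the fifth sample value with an unknown prefix is made up to show the no-match case.

```python
"""Extracting a fixed leading code from the `name` field vs. rewriting it.

Added example. The prefixes 816851 and 50A720 come from the post; the
sample values are constructed to match its data shape.
"""
import re

# Constructed sample values of the `name` field.
SAMPLE_NAMES = [
    "816851-567-7554080981706881",
    "50A720 -123-8150015922249983",
    "816851-567-1135131573613120",
    "50A720 -123-0065137870504409",
    "999999-000-0000000000000000",   # neither known prefix (made up)
]

# Extraction: anchor at the start so a code appearing later in the value cannot match.
# SPL equivalent: rex field=name "^(?<prefix>816851|50A720)"
PREFIX_RE = re.compile(r"^(?P<prefix>816851|50A720)")

# Rewrite: what a well-formed sed expression would do, i.e. remove the prefix,
# any spacing and the dash. SPL equivalent: rex field=name mode=sed "s/^(816851|50A720)\s*-//"
PREFIX_STRIP_RE = re.compile(r"^(?:816851|50A720)\s*-")


def extract_prefix(name: str):
    """Return the leading code, or None when the value starts with neither."""
    m = PREFIX_RE.match(name)
    return m.group("prefix") if m else None


def extract_all(names):
    """Per-event extraction, as `rex` would add a `prefix` field to each event."""
    return [extract_prefix(n) for n in names]


def strip_prefix(name: str) -> str:
    """Sed-mode behaviour: the field is replaced, nothing is captured."""
    return PREFIX_STRIP_RE.sub("", name)


def count_by_prefix(names):
    """Equivalent of `| stats count by prefix` after the extraction; None = no match."""
    counts = {}
    for p in extract_all(names):
        counts[p] = counts.get(p, 0) + 1
    return counts


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n:32s} prefix={extract_prefix(n)!s:8s} stripped={strip_prefix(n)}")
    print(count_by_prefix(SAMPLE_NAMES))
```

Note the space in "50A720 -123-...": the extraction regex is unaffected because it only reads the leading code, while the rewrite regex has to allow for it with `\s*`, which is the kind of detail that makes sed mode the wrong tool when the goal is a new field rather than a cleaned-up one.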
I'm interested in suggestions on how to tackle this. I know how I would implement it in Python, but I'm not really sure of the best practice for SOAR. Let's say I have an action called "Lookup Host". If it runs successfully, it returns a dict with some data: [{"hostname": "test1", "device_id": "abc123"}], but we might actually not have data on this host, so it will return empty: []. I need to ensure that we have data, otherwise later playbook actions won't complete. Would we use a decision here, like "If result != []: continue, else: exit playbook"? Here is loosely what I want to do, but in Python code:

    result = LookupHost(hostname="test1")
    if result:
        # Have a result, so can continue
        run_second_action()
    else:
        # no data found, exit
        exit(0)
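The guard the post describes, as an added example in plain Python (not the poster's code and not SOAR's playbook API). It assumes the result structure SOAR hands to an action callback: a list of runs, each carrying `action_results` entries with a `status` and a `data` list; the field names `hostname` and `device_id` are the post's. The point it makes is that an action can report success while returning `data: []`, so the branch has to test the data, not the success flag. In the visual playbook editor the same check is a Decision block on the action's data path (named along the lines of `lookup_host:action_result.data.*.device_id`, the exact path depending on the app), with the "no data" branch ending the playbook.

```python
"""Routing a SOAR playbook on whether a lookup action actually returned data.

Added example. The `results` shape below (list of runs, each with
`action_results` holding `status` and `data`) is assumed from SOAR's
callback structure; the callback signature mirrors the keyword arguments
SOAR passes, but the function is plain Python and calls no phantom API.
"""

REQUIRED_FIELDS = ("hostname", "device_id")   # from the post's sample record


def collect_action_data(results):
    """Flatten the `data` lists of action results that completed successfully.

    Records from failed runs are ignored even if present: a partial result
    from a timed-out lookup is not something later blocks should act on.
    """
    items = []
    for run in results or []:
        for ar in run.get("action_results", []):
            if ar.get("status") != "success":
                continue
            items.extend(ar.get("data") or [])
    return items


def route_after_lookup(results, required=REQUIRED_FIELDS):
    """Decide whether the rest of the playbook may run.

    Returns ("continue", usable_records) or ("exit", reason). The empty-list
    case from the post ends up here as "exit", as does a record that lacks a
    field the next block needs.
    """
    items = collect_action_data(results)
    if not items:
        return ("exit", "lookup returned no data")
    usable = [d for d in items if all(d.get(k) for k in required)]
    if not usable:
        return ("exit", f"lookup data missing one of {required}")
    return ("continue", usable)


def lookup_host_callback(action=None, success=None, container=None, results=None,
                         handle=None, filtered_artifacts=None, filtered_results=None,
                         custom_function=None, **kwargs):
    """Where the guard lives in a coded playbook.

    `success` only says the app ran without error; an empty `data` list still
    counts as success, which is why the decision reads `results` instead.
    """
    route, payload = route_after_lookup(results)
    if route == "exit":
        # In a real playbook: record the reason on the container and return
        # without scheduling the next action.
        return route, payload
    # Otherwise `payload` holds the records to hand to the next action.
    return route, payload


# Constructed samples: a hit, the empty success case from the post, and a failed run.
HIT = [{"action_results": [{"status": "success",
                            "data": [{"hostname": "test1", "device_id": "abc123"}]}]}]
MISS = [{"action_results": [{"status": "success", "data": []}]}]
FAILED = [{"action_results": [{"status": "failed", "message": "timeout",
                               "data": [{"hostname": "stale", "device_id": "old"}]}]}]


if __name__ == "__main__":
    for label, res in (("hit", HIT), ("miss", MISS), ("failed", FAILED)):
        print(label, lookup_host_callback(success=True, results=res))
```

Keeping the rule in a small function like `route_after_lookup` also makes it unit-testable outside the platform, which the visual Decision block is not.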