I had encountered an interesting question from my client/security SME. 1. Which one is better: to have Splunk Security Essentials or to retain Enterprise Security + Contentupdates? 2. Where are t...
I am about to upgrade the Security Essentials App (Installed on ES) to its most current version 3.4.0. I read that Security Essentials depends on ES contentupdate App. The question is do I need t...
Please help me with learning what dependencies does Splunk Security Essentials App (SSE) have on ES & ES contentupdates Apps? I have posted this before but it is still not clear to me. I app...
Good Morning.
We are using the "ES ContentUpdates" app. And when executing the searches that it incorporates, it always throws us the same error. For example:
"ESCU - Common Ransomware E...
When I click on "Run Analytics" on Analytical Story Detail page within the ES ContentUpdate app, it redirects to new page which ends up in the error, 404 Not Found P...
Hello All, I am facing the below error while updating my apps like ES contentupdate, Splunk machine learning toolkit or any other app like ES contentupdate. I have gone through the various articles b...
First of all, sorry for my English.
When Splunk deployment server (6.1.4 version) updates apps on deployment clients, it also updates excluded files. I've defined excluding in serverclass.conf app s...
...plunkEnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the i...
Hi helpful people,
I am trying to create a use case which will monitor source and destination traffic (like both communicating with each other).
For eg, malicious src connecting with internal IP'...