...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
...ecords (ip, dns)
DHCP Records (ip, mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...
Hi,
I'm a real Splunk novice, so apologies if this is a silly question. I've installed Splunk Enterprise, and ES in a test lab. Due to security, I'm unable to export any logs from the production network...
We have some new logs we would like to import.
These logs seem to contain all the fields of network traffic, but it was requested to also show them as authentication. Is it best practice to tie i...
In Splunk Enterprise Security, the geographically improbable login correlation fires when users on our network transition between ipv4 and ipv6 due to the different latitude fields in the geoip d...
Hi, I have the Cisco ASA TA installed and things look great on my Enterprise Security search head when I search for the logs in the Search and Reporting app. But when I select ES and go to search i...
I am looking for anyone who might know the appropriate BIND logging configuration to capture DNS replies so that we can map these into the Network Resolution model in Enterprise Security. Logging t...
We are running the latest update for Splunk Enterprise Security, which includes the new "Cloud Security" option. In Cloud Security, I can see some data when using the "Microsoft 365 Security O...