Hi there!
We are receiving logs from a NetApp file server about what user access, etc. Log format very similar/same as the Windows Events in XML. (So parsing looks good) We also have Enterprise Secur...
Good morning,
I am currently conducting research on using Splunk to monitor 3 types of databases in terms of security events. As the title states, the databases are Oracle, SQL, and Teradata....
I am unable to make the Threat Intelligence input for hailataxii work using on-prem Splunk Enterprise. Splunk Enterprise version 8.2.4 and Enterprise Security version 7.0.0. The Threat I...
I have an alert set up in my Splunk Enterprise Security environment that is set to trigger when we receive a notable that is marked as either high or critical urgency. This search has worked in the p...
...urrently I want to integrate splunk es with Active Directory, Linux system logs (secure, message, audit.log), network traffic, oracle database, etc.
2. By default, splunk enterprise allows users to i...
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the i...
I can't see the Threat Intelligence Audit Events in Splunk Enterprise Security
I have internet access to my server, and yes, I can even wget http://hailataxii.com/ site successfully.
I checked t...
So it appears that the built-in tagging and field enrichment for the Splunk App for Enterprise Security is poorly configured.
For the Change Analysis CIM, I was pleased to see Windows events b...