Hello everyone, I am trying to enable some basic detections that I found from the SplunkSecurityEssentials app. We do have ES; however, we are still in the process of getting all of our d...
In the latest SplunkSecurityEssentials 3.4.0, and previous release the Data Inventory detection in CIM+Event Size Introspection starts a query that will never complete due to an unmatched p...
Hi all, I just installed the securityessential app on my splunk but I'm having issues retrieving the MITRE matrix. I get the following error: External search command 'mitremap' returned error c...
Hi everyone, I'm using SplunkSecurityEssentials and I have a problem with a macro: "get_identity4events(user)". The error in the search is: "Error in 'SearchParser': The search specifies a m...
Hi There, I am new to Splunk and have data coming in from just one server. I have tried running the basic brute force detection search, and receive thousands of events. I don't think this is a...
...hich I monitor with the UF) and SplunkSecurityEssentials. I've tried different things with the demo data but when I'm trying to do anything with the live data I hit the wall. I've tried to f...
Hi Splunkers,
We have a ton of bookmarked content in SplunkSecurityEssentials App on one of our Dev Splunk search heads. Now I want to move that to Enterprise Security Search Head. Is that p...
Hi Splunkers,
I have a problem with the "SplunkSecurityEssentials" application. Currently, I have 34 activated correlation searches that I would like to map on the Mitre Framework.
Viewing t...
We recently moved SplunkSecurityEssentials from our lab to our QA environment, but it is not working. In Lab we have admin privs, but in QA it is only power user privs and we did enable the _list s...
...ocumented and easier. I have installed the Splunk Add on for Microsoft on both the indexer/search head as well as the client, and added the custom inputs.conf which is linked from SplunkSecurityEssentials...