...sing Splunk Enterprise Security) looks like this:
| from datamodel:"Change"."Auditing_Changes"
| where ('action'="cleared" OR 'action'="stopped")
| stats max(_time) as "lastTime",count by "d...
I have a couple of searches that trigger in Incident Review and I want to group them up by count. And then let the drill down show me the detailed information of each event. Does anyone know how to group...
Is it possible to automate assignment of notable events to groups?
For example, if a new notable event is triggered, is there a way to automatically assign it to a created group like to the L1 team?
I am trying to search for events that contain one IP from each of the two groups of IP addresses. For instance:
index=main sourcetype=* |
search ("10.10.10.10" OR "30.30.30.30" OR "50.50.50.50...
Hi Splunkers,
I am seeing some junk values in the Threat Activity Details report from Splunk Enterprise Security. FYI, please have a look at the values below:
threat_collection threat_group t...
We are trying to get Azure AD SSO to Splunk working, but we have AD users that have more than 150 group memberships, which therefore means Azure sends the group information as a digest link in...
We are running the latest update for Splunk Enterprise Security, which includes the new "Cloud Security" option. In Cloud Security, I can see some data when using the "Microsoft 365 Security O...
I want to set up an organized system of permissions so we can give the right access to the right data and the right Splunk features to the right analysts in my organization. Can I get a sketch of h...
Please provide the steps to monitor the security groups (ACL) on which monitoring needs to be configured to capture any members added to or removed from the ACL group.