Hi All,
I am just posting a solution to an issue I have had with two upgrades for Splunk Enterprise Security. First issue was when upgrading from 3.3 -> 4.0 and now 4.0 -> 4.1.
Linux E...
...elevant data is indexed.
Is that possible and how?
If possible, looking for solutions which are built-in to out-of-box Splunk, add-ons etc. I can't use another software for it since the system Splunk...
Hi everyone,
On my Universal Forwarder, I'm able to effectively blacklist Windows event codes when I do it based on the EventCode field. However, when I try to add regex to my blacklist entries i...
Hi, does anyone have field definitions that decipher the SAP SAL that could be shared? I find lots of references to commercial SAP - Splunk Integration product which I am not too keen to use. But n...
Hi to all. I'm working at a startup company providing security solutions.
I started research on how to integrate with Splunk, Splunk ES.
For now, we choose to use the HEC method for delivering the...
...esting RBA? Splunk ATT&CK Range is the perfect fit for this: Introduction GitHub There are also open source solutions like Atomic Red Team which is also available on GitHub. 14. What are the m...
Since it's a best practice to install Splunk and run it as a non-root UNIX user, how can I make sure Splunk has the necessary read permissions for the files it needs to monitor?
This UNIX c...
...cceptable", an alert would fire.
I'm a total n00b. I've installed and played with Splunk, but not done much else. Is there an equivalent in functionality for Splunk?
Thanks,
We are seeing this vulnerability show up via Qualys vuln scanning on both our dev and production Splunk instances. I am using the same SSL config for both and have tried solving this multiple ways i...
...hile I believe this is the intended solution for what I need to achieve. I'd like to avoid this if possible as I'm our only Splunk administrator and from what I've been told there's a fair bit more m...