Can anyone help me in generating a lookup to dynamically add the Active Directory to the Splunk Enterprise Security - Assets and Identity list? Had worked out for the Identity part, but it w...
...upport team already maintains a CMDB but it doesn't do a great job and provides almost no value as a master list or a way to audit for gaps in security control coverage. Our team deploys a v...
Wanted to check how the asset and identity lists that PCI need are different from the ES app. Does PCI need them in a different format, different fields? What are the critical fields that PCI need in...
I have a non-admin user "testuser" added to a non-admin "testrole"
I give testrole capabilities of edit_identitylookup, edit_lookups in capabilities.
I log in to my testuser, and I edit identity...
Hi all, I'm having these error messages - Streamed search execute failed because: Error in 'lookup' command: Could not construct lookup 'simple_identity_lookup' ... After including the "| in...
Hi all, I'm struggling with a problem that I can't find any error logs in Asset and Identity Management dashboard in Splunk Enterprise Security. It shows NOT FOUND and I see the error message b...
...s_admin navigate to Splunk Enterprise Security
From the Configure menu select General
From the General menu select App Imports Update
Click on “update_es”
Append |(SecKit_[ST]A_.*) to the A...
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder. Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1). Ran the essinstall command as per the in...
Hi,
I'm trying to add a new asset list to Splunk Enterprise Security. I can see the lookup in Configuration->Data Enrichment->Identity Management, but it's not showing up when I search f...