Search

sheamus69 · ‎05-18-2016

...nalysis results going forward? Any advice given here would be gratefully recieved. Sheamus. Edit: This question is for Splunk Enterprise Security 4.0.1.

adukes_splunk · ‎09-06-2019

Does anyone have examples of how to use Splunk to check for inactive account activity?

nareshinsvu · ‎04-27-2022

...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the in...

adukes_splunk · ‎09-05-2019

Does anyone have examples of how to use Splunk to check for volume email activity to non-corporate domains?

adukes_splunk · ‎09-05-2019

Does anyone have examples of how to use Splunk to check for batch files written to the Windows system directory?

snsaxena · ‎06-15-2021

...pdated by +20. and an alert should be triggered only if risk_score>=30. Can I accomplish it writing a correlation search? Or there is another way of doing it, please suggest.

Search

Search the Community

Tuning Risk Scores and resetting score values

Example of inactive account activity detected use ...

Stuck with Splunk ES Upgrade

Example of a high volume email activity to non-cor...

Example of a batch file write to system32 use case...

Risk Based alerting in SPLUNK ES