...internal" sourcetype=*content_management* But I am not getting any useful data with this query. Please kindly help me where all logs are stored for content management (use cases) in Enterprise Security...
Deployment: on premise, distributed
Splunk Platform version: 7.2.6
Enterprise Security version: 5.3.0
Hello,
We are trying to refine the roles to be granted to our SOC team based on a "l...
Hi all,
I am currently configuring Splunk Enterprise Security for Alerts. I have a doubt in the implementation of this solution.
I created an alert for Failed logins from Windows devices. I...
We have Enterprise Security installed for a specific Search Head and would like the _audit logs in a different location than the main Search Heads.
The ES SH is used for doing security investigations...
A user is unable to access investigations in Enterprise Security (version ES 7.1.1) on Splunk Cloud (Splunk 9.0.2). When clicking on investigations from the main menu the message "You do not have p...
...ation" message. I was under the impression it was just the one user role needed for investigations, has anyone come across this before?
Many thanks,
Is there a way to automatically close all of the notables associated with an investigation when you close the investigation itself? Currently Splunk just gives me a warning that "x number of n...
I have a notable event seen in Splunk Enterprise Security's Security Posture dashboard.
I have reviewed it and determined it to be a false positive.
I want to remove it from view on the Security...
I understand we can use the following to look at the investigations created which are 'Active'.
|inputlookup append=t investigative_canvas_lookup
|inputlookup append=t investig...