...ew of them. I'm looking for something like the "Search View matrix" in the User Guide of the Splunk Enterprise Security app, but with all the correlation searches in it.
Thanks
Miklos
Hi All!
I did an upgrade on Enterprise Security from 4.7.4 to 5.0.1. I'm using Splunk Enterprise Instances 7.0.3.
I have a problem with the Incident Review dashboard, the "Correlation Search N...
Hi,
This question relates to:
- Splunk Enterprise 6.4.1
- Splunk Enterprise Security 4.1.1
I am trying to generate a list of existing correlation searches which includes the following d...
The ES Incident Review page still lists deleted Correlation Searches Names in the Multiselect box "Correlation Search Name". We'd like to not see these correlation searches in this filter box after w...
I want to list all the 'Authentication' related content we have created in the ES App. Is there any SPL query to get this? Need to list all the dashboards, Notable Events etc... of Authentication t...
Hello,
We'd like to help our analysts to tell which correlation search is impacted in case of log source issue. But we can't find the way to list the dependence Correlation Search --> Data M...
Hi all,
On a similar note to this question, I would also like to know the complete list of pre-configured correlation searches available in ES 4.0
We don't have ES installed and therefore I c...
Hey Guys,
Could anyone suggest me a query for the below scenario.
I need a Splunk query to show the list of enabled use cases in Enterprise Security App along with the last triggered time of t...
Hi folks,
I have excluded dest IP from search, which is working fine, but in correlation it is still triggering alert.
search NOT [ | inputlookup sample.csv | fields dest_ip ]
Thanks
Thanks in advance for your time and assistance.
Can someone please tell me how to generate a list of configured, properly functioning Data Models that support Splunk Enterprise Security correlation...