Hi Everyone, I'm looking for some Splunk Enterprise Security tips, maybe in the form of a cheat sheet. Specific topics of interest: 1. Recommended 'base apps' for ES, e.g.: CIM ESCU CIM-V...
Is there a way to execute the following processes of the OS?
-Cluster master server (Splunk Enterprise installed)
/usr/bin/eu-stack
/usr/bin/iostat
/usr/b...
Is there a way to force a notable event in Splunk Enterprise Security to be critical? We have certain notables that are created that are only registered as a high and we want to force them to be c...
I am seeing a number of events for abnormally high number of HTTP POST requests in our Enterprise Security incident review, many of which are allowed communication between our systems. What would b...
Is there any way to notify someone that an incident has been assigned to them?
For my incident review process, I have some regular users that check the dashboard every day. I have a couple u...
...ot to use this. And, if we can ingest without the XML, are there good ways to reduce the extra logging volume that creates?
I've been googling for a while, if someone could help me out with an e...
Hi Everyone
I'm having trouble with one of the alerts in Enterprise Security which is causing a lot of noise and false positives. I've tuned the correlation rule to where I want it, but the p...
If this has already been covered, please provide a link, but I haven't seen anything. My organization uses Splunk Cloud and we have Enterprise Security installed. Does anyone know if there is a way...
I added several objects to the "Vulnerabilities" data model. After that the Enterprise Security /Security Domains/Network/Vulnerability Center dashboard started showing inconsistent values in s...