Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
21 results
Sorted by:
a month ago
Hi Everyone, I'm looking for some Splunk Enterprise Security tips, maybe in the form of a cheatsheeet. Specific topics of interest: 1. Recommended 'base apps' for ES, eg: CIM ESCU CIM-V...
Labels
- Labels:
-
using Enterprise Security
01-31-2017
07:35 AM
Is there a way to force a notable event in Splunk Enterprise Security to be critical? We have certain notables that are created that are only registered as a high and we want to force them to be c...
10-19-2017
12:16 PM
1 Karma
I am seeing a number of events for abnormally high number of HTTP POST requests in our enterprise security incident review, many of which are allowed communication between our systems. What would b...
11-25-2015
06:08 AM
2 Karma
Is there any way to notify someone that an incident has been assigned to them?
For my in incident review process, I have some regular users that check the dashboard everyday. I have a couple u...
04-07-2015
02:56 PM
1 Karma
...reated by Enterprise Security (ES) app.
01-10-2019
09:15 AM
...ot to use this. And, if we can ingest without the XML, are there good ways to reduce the extra logging volume that creates?
I've been googling for a while, if someone could help me out with an e...
02-08-2019
08:25 AM
Hi Everyone
I'm having trouble with one of the alerts in Enterprise Security which is causing a lot of noise and false positives. I've tuned the correlation rule to where I want it, but the p...
09-14-2016
10:27 AM
If this has already been covered, please provide a link, but I haven't seen anything. My organization uses Splunk Cloud and we have Enterprise Security installed. Does anyone know if there is a way...
01-13-2016
08:52 AM
I added several objects to the "Vulnerabilities" data model. After that the Enterprise Security /Security Domains/Network/Vulnerability Center dashboard started showing inconsistent values in s...
03-02-2015
12:02 PM
I have been testing the Splunk Add-on for Nessus and want to start using the feature with fresh data. Is there a way to clear out all previously imported scans so we can start from scratch?
