Hi Community. My customer is ingesting two sources of data: one from IDP and another from a Firewall. Both are CIM compliant and already are ingested fine. Both sources have a definition for "h...
I can see where we can create 'New Investigations', track or manage current investigations, delete or edit or remove existing investigations, but nothing to close the investigation. When you a...
ES Incident review Contextualize and Investigate returns blank results page. This looks like it would be a nice addition for my guys if it worked. If anyone has this working please share.
I'm doing research inside of Splunk Enterprise Security, and I'm tagging events into the timeline. I've gone into the investigation and added my notes.
How do I export this data into a PDF or R...
I have received a message saying today that my license usage is nearly 3 times my limit. I cannot find anything in particular that is causing this. My current 1GB/day Enterprise license seems to be v...
We've recently migrated from 12 indexers per site on a slower storage array to 24 indexers per site on much faster storage arrays. Since the move we have seen IO throughput on indexer luns peak at ar...
...esponse escu-investigate it's returning empty page?
How do I fix this? My research URL is = https://127.0.0.1:8000/en-US/app/DA-ESS-ContentUpdate/escu_nextsteps?sidtxt=s...
..." under related investigations. My assumption is that it is a permissions issue since admins are able to view it with no problems. However it appears that all the permissions that are needed a...
...ogged in the past 30 days to identify a baseline or to investigate whether there is any anomaly in the usage of that account. My doubt is whether there is any way to automate this process. Like if the a...