...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
Experts,
When I try to schedule PDF for a report, I get the following error after I set the cron
"Your network connection may have been lost or Splunk may be down." and all my search heads s...
We are running the latest update for Splunk Enterprise Security, which includes the new "Cloud Security" option. In Cloud Security, I can see some data when using the "Microsoft 365 Security O...
...EnterpriseSecuritySuite) from etc/shcluster/apps to etc/apps folder Ran the upgrade command – (/opt/splunk/bin/splunk install app ./splunk-enterprise-security_620.spl -update 1) Ran the essinstall command as per the i...
We have some new logs we would like to import.
These logs seem to contain all the fields of network traffic, but it was requested to also show them as authentication. Is it best practice to tie i...
Hi,
I'm a real Splunk novice, so apologies if this is a silly question. I've installed Splunk Enterprise, and ES in a test lab. Due to security, I'm unable to export any logs from the production network...
...ecords (ip, dns)
DHCP Records (ip, mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...
I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Right now "Threat", "Network", "Identity" are among a few that are available. Is t...
...ndpoint and network activity. Is this where Enterprise Security is needed? Or is the answer that one can technically do it without Enterprise Security but it would be tougher? Would splunkenterprise...