...LFF93FRoUwXH_7yitxQiSUhJlZE7Ybmfu&index=3), but I had trouble connecting soar to Splunk because Splunk SOAR and Splunk Enterprise Security are on different networks. In the most common example I came across, SOAR and Splunk Enterprise...
...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
...ecords (ip, dns)
DHCP Records (ip, mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...
Hi,
I'm a real Splunk novice, so apologies if this is a silly question. I've installed Splunk Enterprise, and ES in a test lab. Due to security, I'm unable to export any logs from the production network...
We have some new logs we would like to import.
These logs seem to contain all the fields of network traffic, but it was requested to also show them as authentication. Is it best practice to tie i...
In Splunk Enterprise Security, the geographically improbable login correlation fires when users on our network transition between ipv4 and ipv6 due to the different latitude fields in the geoip d...
Experts,
When I try to schedule PDF for a report, I get the following error after I set the cron
"Your network connection may have been lost or Splunk may be down." and all my search heads s...
Hi, I have the Cisco ASA TA installed and things look great on my Enterprise Security search head when I search for the logs in the Search and Reporting app. But when I select ES and go to search i...