...mplementation?
1) What logs can you monitor with the Enterprise Security app?
2) With switches, routers, etc. sitting remotely do you recommend having a Splunk instance running on the remote location and u...
Is there a way to update the default collection or create a custom collection of swimlanes for the investigator dashboards for Splunk for Enterprise Security?
For example, Asset Investigator has t...
Hi all,
So I have added the edit_timeline role to a user and they can create an investigation, but after you click "start investigation" they are greeted with a "failed to retrieve investigation...
...anagement page, that particular correlation search type is showing as a saved search, and while I try to edit it, it's opening in saved search window.
I noticed this is happening only for some A...
I have a notable event seen in Splunk Enterprise Security's Security Posture dashboard.
I have reviewed it and determined it to be a false positive.
I want to remove it from view on the Security...
...croll to the bottom to see it. The issue doesn't occur until you sort any column or adjust the number per page.
Does anyone else have ES 5.2.0 and see this issue? It makes reviewing investigations a b...
Some users reported that the investigations functionality is not available for them in the Enterprise Security app. What role/capability should I assign to them?
We use the Investigations as part of our case management process. With that said, is there any way to get data on investigations? We would like to get data such as but not limited to:
Count o...
I am looking for advice on how to plan the backup and storage of "My Investigations" data in the Splunk Enterprise Security (ES).
Two questions regarding this:
1- How to configure and manage t...