...an internal URL server and then have Splunk Enterprise Security (ES) perform a URL download of the intelligence file. The external client downloads the feed and then pushes the feed to the URL s...
I installed Splunk Enterprise Security, but nothing seems to function (cannot create notable events for instance, getting 500 error in many steps)
When I look at the web_service.log I see: S...
Hi All, I don't have many resources to build an ideal network environment to forward logs to Splunk. So, I'm seeking a way to simulate, or a source to obtain, many common data sources into Splunk (L...
...orkflow. The attached Bare_Bones_Splunk.pdf file guides the reader from the point of install to using the data already being indexed in index=_internal to replicate a few common use cases of S...
...ehind the ITSI paywall. What I'm wondering (mainly from a security perspective), is if there are equivalent apps that Splunk (or third parties, or even individuals) have developed to visualize n...
I've created an alert in Splunk Enterprise and used the Splunk SOAR / Phantom plugin to call the action "Run a playbook in Splunk SOAR". So far so good. Alert fires, it gets forwarded over to SOAR. S...
Hello there, I have spent a good time researching lateral movement in Splunk, unfortunately I have not found much. I have only seen answers suggesting to review the use cases of the Splunk Security...
Hi, I deployed a Splunk distributed topology. Now my Search Head server has an issue: KVStore is in a failed state (it makes the app "Enterprise Security" fail too). I checked "/opt/splunk/var/log/splunk/s...
Hi all
I am using Splunk Enterprise for security...
But I have a lot of extraneous data in Splunk at the moment. Looking through the dashboards I'm finding a lot of performance and o...