Is there any way to get a developer license of Splunk IT Service Intelligence (ITSI) and/or Splunk Enterprise Security (ES)?
I would love to adapt my apps to fit into ITSI/ES and add adaptive r...
Register here. This thread is for the Community Office Hours session on Splunk Enterprise Security (ES) on Wed, October 25, 2023 at 1pm PT / 4pm ET. This is your o...
...forward the "Security Intelligence Event" to the Indexer.
Now I can search all the events in Enterprise which forward from the forwarder.
I create props.conf and transforms.conf in the Heavy F...
Splunk ES documentation https://docs.splunk.com/Documentation/ES/7.1.1/Admin/Downloadthreatfeed#Add_a_URL-based_threat_source describes how to Add a URL-based threat source and it seems w...
Is there a way to use lookups to add threat intelligence to the non-network based intelligence stores, such as file_intel? I know STIX and OpenIOC can populate these, however, I've got IOCs in C...
Hi I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in Enterprise Security. The Service-URL needs to have an authorization header to...
We have looked at adding some threat intelligence apps to our Enterprise Security instance and have decided that we can consume the information that we are looking for via TAXII feed. The i...
Hello to all my dear friends We have SH-Cluster with 5 Search head and Enterprise Security (ES). When I want to add a new Threat List as a URL, I have to go to this address: ES APP\Configure\Data E...
Is there a way to update the default collection or create a custom collection of swimlanes for the investigator dashboards for Splunk for Enterprise Security?
For example, Asset Investigator has t...
...ommunity.splunk.com/t5/Security/Add-domains-to-threat-lists/td-p/116392
Or it's related to below dashboard in Enterprise Security Suite?
SplunkEnterpriseSecuritySuite/SecurityIntelligence/Threat Intelligence/T...