(This is the first of a series of 2 blogs).
Splunk Enterprise Security is a fantastic tool that offers robust features to give you great insights into your protected infrastructure, helping you s...
...LFF93FRoUwXH_7yitxQiSUhJlZE7Ybmfu&index=3), but I had trouble connecting SOAR to Splunk because Splunk SOAR and Splunk Enterprise Security are on different networks. In the most common example I came across, SOAR and Splunk Enterprise...
...og files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break s...
In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.40.0 and v4.41.0). With these releases, there are 58 n...
...dentify and Mitigate Certificate Expiry Issues
Part 3: Config Assist: Set Up a More Secure Splunk Configuration
Part 4: App Assist: Keep Your Enterprise Apps Up-to-Date
Are you w...
In October, the Splunk Threat Research Team had one release of new security content via the Enterprise Security Content Update (ESCU) app (v4.42.0). With this release, there are 10 new analytics, 1...
Hello, community! 👋🏼
We are thrilled to announce the latest innovations to Splunk Enterprise Security (ES) 7.0 - now available on Splunkbase! 🙌🏼
ES 7.0 continues to improve on c...
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated to have the src_ip and dest_ip columns to allow me to define acceptable usage of a...
...mplement for any application that communicates over the public network. The three available updates in Splunk Enterprise 9.0 enable you to configure TLS at the right time for your business (ISVC-2022-0602, S...
...ecords (ip, dns)
DHCP Records (ip, mac, dns)
Windows Security Authentication (nt_host, owner)
Network Identity Services (ip, owner)
The savedsearch just concatenates the lists, no m...