We are looking at utilizing the "InfoSec App for Splunk" however the last version is from June of 2021 (two years ago).  Has this app been superseded by another or is there a different long term plan for the app?  Just wanting to know if we should continue down this path or another path. Thanks! ... View more

Is it expected behavior when a user has write capability to another users knowledge object and the app, that write capability does not include "Edit Permissions" capability to that object?  Users have the ability to edit objects that they are not the owner of but don't have the ability to edit the permissions of the objects they are not the owner of.  They can only edit permissions of objects that they own. We can see the users are in the role that has write permissions to the object as well as write permissions to the app, the objects in the app aren't private, but for saved searches the dropdown in the Edit menu, the "Edit Permissions" option does not appear.  The Edit Permissions option only seems to appear for the owner of the object.  For lookups owned by another user, Permissions can be seen by others with write capability to the object but are greyed out and unable to modify the permissions. We've verified that the user can edit the object by modifying a savedsearch or lookup and clicking on save, and subsequently seeing the change afterwards.  Write permissions seems to exist for objects owned by another user but not the ability to modify the permissions to those objects. This occurs on multiple search centers. ... View more

The closest document I could find to an Operating System to Universal Forwarder version compatibility is the download site (link below), is there another link that can be used? https://www.splunk.com/en_us/download/previous-releases-universal-forwarder.html ... View more

We have created an experiment in MLTK and published a model for it, is there a way other viewers can see the experiment?  Everyone seems to be able to see only their own experiments when navigating to the experiments tab.  I would have expected to see a Permissions option in the Manage drop down menu. ... View more

We are planning to upgrade ES from 6.6.2 to 7.0.1, one of the new features will have a pop up window indicating that a new Content Update version is available and allows for the option to upgrade to the new version.  We'd like to suppress this pop up and/or prevent the update through the UI.  Would either of the below two settings prevent the pop up?  If we can't suppress the pop up will either of the below two settings help prevent the update from occurring? web.conf: Setting 'updateCheckerBaseURL' to 0 stops Splunk Web from pinging  Splunk.com for new versions of Splunk software. app.conf: Setting 'check_for_updates' to 0, this setting determines whether Splunk Enterprise checks Splunkbase for updates to this app. https://docs.splunk.com/Documentation/ES/7.0.0/RN/Enhancements Automated updates for the Splunk ES Content Update (ESCU) app When new security content is available, the update process is built into Splunk Enterprise Security so that ES admins always have the latest security content from the Splunk Security Research Team. ... View more