×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Raphy
Explorer
Member since: ‎03-29-2021
‎10-06-2025
Community Statistics
Posts 7
Solutions 0
Karma Given 12
Karma Received 1
Member Since ‎03-29-2021
Activity Feed
View All

Re: Is it possible to make it mandatory to assign ...

by in Splunk Enterprise Security
‎11-28-2024 07:40 AM
‎11-28-2024 07:40 AM
Thank you very much for your answer ! ... View more

Is it possible to make it mandatory to assign Owne...

by in Splunk Enterprise Security
‎11-12-2024 03:58 AM
‎11-12-2024 03:58 AM
Hello, In Splunk Enterprise security we would like to make it mandatory to define a Notable owner to be able to close a notable. We would like to avoid to have closed notables without assignee/owner. Is there a way in Splunk Enterprise Security to make the owner required to close a notable ? Than you very much in advance. Happy Splunking. Raphael ... View more

Splunk issue to display some special characters in...

by in Splunk Enterprise
‎09-22-2022 03:41 AM
‎09-22-2022 03:41 AM
Hello Splunkers, I need your help to understand and to solve an issue we discovered with Splunk. This issue seems to be a limitation or a bug of Splunk Enterprise : We work with microsoft sysmon data, and sometimes we have events with the value of a command executed in prompt. Splunk reports the exact value of the command executed in the raw event : And the value extracted by Splunk for the field CommandLine is the following : However, when I want to display the CommandLine  field in a table or a stats table, then I get that. See the last row of the table for our CommandLine example : Splunk replaces my quotes by HTML encoded charactersin the table. However, the strange thing is not that Splunk replaces everytime special characters by HTML character, Splunk only replaces the special character by HTML characters for some commands executed.  Just check the examples below to understand the issue : Depending on whether we use some texts that Splunk seems to do not like or not, Splunk will encode my special characters in the table or not. The texts in the command executed, that generates the Splunk HTML encoding in table or stats are the followings :          <script> or vbsscript: or javascript&colon;         Otherwise, if I put another text, in the command like "blablascript:" or "script:" I do not have the issue. Could someone please help us to understand from where this issue may come ? Is it a Splunk limitation/bug or just something that we need to configure somewhere ? Great Thanks to you by advance.     ... View more

Re: Microsoft Office 365 Reporting Add-on for Splu...

by in All Apps and Add-ons
‎07-25-2022 06:27 AM
‎07-25-2022 06:27 AM
Hello @jconger , According to this blog post from Microsoft Office from june 30th  : https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-client-credentials-flow-support-for-pop-and/ba-p/3562963 It should be possible from now to retrieve Email data from Exchange Online through Oauth by using an Application permission instead of an user permission.   ... View more

Re: Microsoft Office 365 Reporting Add-on for Splu...

by in All Apps and Add-ons
‎06-30-2022 08:36 AM
‎06-30-2022 08:36 AM
Have you received feedbacks from Microsoft on OAuth support ?  Thank you. ... View more

Re: Microsoft Office 365 Reporting Add-on for Splu...

by in All Apps and Add-ons
‎01-21-2022 07:50 AM
‎01-21-2022 07:50 AM
I relaunch this really important discussion about Microsoft Office 365 Reporting Add-on for Splunk  that must upgrade to Modern Authentication, as Microsoft company has announced that Basic Authentication will be deprecated. Indeed in the last post of Microsoft on that topic Published on Feb 04 2021  : https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210 They announced : "Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth." So, within few months this Add-On will be out of service because It only uses Basic Authentication to connect and to retrieve Message Trace logs from MS Exchange Online. I agree we have the Splunk Add-on for Microsoft Office 365 that retrieve some useful audit data, but unfortunately It cannot collect Message Trace data as the Microsoft Office 365 Reporting Add-on does. We already have 2 Splunk Ideas on that subjet : https://ideas.splunk.com/ideas/APPSID-I-70 https://ideas.splunk.com/ideas/APPSID-I-27 Those evolution are planned, but they should be on going because the evolution to Modern Authentication is today necessary. I am asking to Splunk corporation and to the developers of these Add-Ons, what is the situation on that subject ? Do you have a solution to provide to Splunk customers that would like to continue to get Mesage Trace logs for security monitoring ? @abalogh_splunk  @jconger  @Anonymous              ... View more

Re: "Error loading required module Cyberchef: Synt...

by in All Apps and Add-ons
‎01-18-2022 05:11 AM
1 Karma
‎01-18-2022 05:11 AM
1 Karma
Me too, I got the same issue.  I believe the point is discussed here : https://github.com/NDietrich/CyberChef-for-Splunk/issues/12   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-06-2025 06:35 AM
Karma from
View All
Karma given to