Security Premium Solutions

Security Premium Solutions

Browse the Community

Category Activity
meshorer
hello all!I am trying to add  field to an artifact with "update artifact" action (phantom app).i am trying to add a '...
by meshorer Path Finder in Splunk SOAR (f.k.a. Phantom) Thursday
0 4
0
4
ezmo1982
Hi,Notable events in ES can now be assigned Dispositions. I am able to create new Dispositions from the Incident Revi...
by ezmo1982 Path Finder in Splunk Enterprise Security Wednesday
1 2
1
2
aelliott
Does Splunk ES Support IPV6? I've seen some posts that others have had issues with ipv6 assets within the asset looku...
by aelliott Motivator in Splunk Enterprise Security 2 weeks ago
1 3
1
3
glc_slash_it
HelloI'm trying to pass a list of dicts from a "custom code block" into a "filter block", to run either ip_lookup, ha...
by glc_slash_it Path Finder in Splunk SOAR (f.k.a. Phantom) 2 weeks ago
0 2
0
2
LIP
HelloWe have multiple people working on the content in Splunk Enterprise Security, and I need to be able to find when...
by LIP Loves-to-Learn in Splunk Enterprise Security 2 weeks ago
0 10
0
10
cmeisch
I want to create a default search filter for ALL users that go into ES Incident Review.  You can create a new filter ...
by cmeisch Path Finder in Splunk Enterprise Security 2 weeks ago
0 6
0
6
dood9999
I am looking for help with Splunk configurations that the documentation does not seem to provide and can not be found...
by dood9999 Engager in Splunk Enterprise Security 3 weeks ago
0 0
0
0
ansusabu_25
Using SOAR export app in Splunk, we are pulling certain alerts to SOAR. Depending on the ip, the artifacts are groupe...
by ansusabu_25 Observer in Splunk SOAR (f.k.a. Phantom) 3 weeks ago
0 5
0
5
meshorer
hello all,I have an app that to perform an action I cant insert the required parameter as a list. but as a string.thi...
by meshorer Path Finder in Splunk SOAR (f.k.a. Phantom) 3 weeks ago
0 3
0
3
AL3Z
Hi,Could anyone please help me in fine tuning this search as it is raising lot of alerts| tstats count min(_time) as ...
by AL3Z Builder in Splunk Enterprise Security 3 weeks ago
0 5
0
5
mrkrabhishek
Do we have any content to detect "Moniker Link" - CVE-2024-21413
by mrkrabhishek New Member in Splunk Enterprise Security 3 weeks ago
0 0
0
0
staylor
Is there a way to use multivalue fields in SOAR? I have not been able to find a good article on how to do this.We hav...
by staylor Engager in Splunk SOAR (f.k.a. Phantom) 3 weeks ago
1 3
1
3
catherinelam
As the title suggests, our system needs a proxy to hit our SAML2 authentication service, but I don't see an option to...
by catherinelam Loves-to-Learn in Splunk SOAR (f.k.a. Phantom) 3 weeks ago
0 0
0
0
jokr
Hi, I've got a problem with this playbook code block, the custom functions I try to execute seem to hang indefinitely...
by jokr Observer in Splunk SOAR (f.k.a. Phantom) 4 weeks ago
0 2
0
2
AL3Z
Hi,Could anyone pls guide me how we can detect an attacker moving laterally in the environment can be a challenge rig...
by AL3Z Builder in Splunk Enterprise Security 4 weeks ago
0 2
0
2
treven
Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summar...
by treven Explorer in Splunk Enterprise Security 4 weeks ago
0 0
0
0
milesbrennan
I'm using the Service-Now application to build some lookup tables for user and asset information, which is needed for...
by milesbrennan Path Finder in Splunk Enterprise Security 4 weeks ago
1 3
1
3
mr_t2083
How do I get my Incident Review in ES to auto refresh, without having to manually auto refresh it from the browser.
by mr_t2083 Explorer in Splunk Enterprise Security 02-15-2024
1 8
1
8
adol83
Hello Team We have a UBA 3-nodes architecture. Unfortunately, SAML authentication is required. We added the SAML xml ...
by adol83 Explorer in Splunk User Behavior Analytics 02-14-2024
0 1
0
1
aasabatini
Hi Guys,   I would ask how to add a link on the next steps form. on the correlation search I read: "Add a link to an ...
by aasabatini Motivator in Splunk Enterprise Security 02-14-2024
0 5
0
5
DRWhite1
Hello,  How do I obtain an NFR license (or the like)? We have integrations with Splunk but no way to test/evaluate th...
by DRWhite1 New Member in Splunk Enterprise Security 02-13-2024
0 2
0
2
tomapatan
Hi Everyone,We`ve created a new TA to get data in from an API - this was done on the HF and the data is being sent to...
by tomapatan Communicator in Splunk Enterprise Security 02-09-2024
0 1
0
1
jamesbanday
Why I can't  I see data on Splunk ES Non-corporate Web Uploads? When I click on the user, I get mariangelie.rodriguez...
by jamesbanday New Member in Splunk Enterprise Security 02-08-2024
0 1
0
1
vishenps
Hi Folks, lately MC started behaving little wired, after performing investigation whenever SOC analyst trying to redu...
by vishenps Path Finder in Splunk Mission Control 02-08-2024
0 3
0
3
syazwani
Hi peeps, We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fields...
by syazwani Path Finder in Splunk Enterprise Security 02-08-2024
0 3
0
3
Splunk Learning

Splunk has training and education options for everyone, whether it's your first or fiftieth deployment.

Get Started

Announcements
Register for Upcoming Live Tech Talks! Security and Observability Editions are held every month.

Where are you on your adoption journey? Take the quick Security or Observability Resilience Check quiz to find out!
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...
Top Karma Authors