Splunk Enterprise Security

Discussions

Thread Info

failed to start kv store process. see mongod.log and splunkd.log for details.

failed to start kv store process. see mongod.log and splunkd.log for details. Plz help

by Observer in

Splunk kb store and logs recieving issue on indexer

Hello. I have created an index under a custom app from splunk web it is reflecting but we I have set up the univarsal...

by Observer in

Trying to add a sub_search that brings back the action field to the base search. Any help will be appreciated.

index=cim_modactions source=/opt/splunk/var/log/splunk/incident_ticket_creation_modalert.log host=sh* search_name=* s...

by Path Finder in

notable index forwarding into indexer cluster.

we have our environment in google cloud platform where we have SH cluster with 3 SH.and earlier the issue was notable...

by Explorer in

help spl query

Hello, I need some help for a query. I have to do this : At the moment I haven't managed to get exactly w...

by Path Finder in

How to View all Suppression Details in Endpoint

Hi Guys, Need a help i am trying to check my suppression list in rest endpoint i have almost 100+ suppression sho...

by Explorer in

Retrieve Notable urgency within Adaptive Response

Hi, I am currently working on an Adaptive Response that notifies us whenever there is a Notable in our queue of a c...

by New Member in

Adding another peer to SH to be used for Enterprise Security

I have an existing search head that is peered to 2 cluster mgrs. This SH has the ES app on it. I am looking to add ad...

by Explorer in

Splunk query for use case onboarded

we have 100+ use cases onboarded into splunk ES. also we are receiving the alerts few of them but i want to know exac...

by Explorer in

SPLK-5001 CyberSecurity defense analyst

I am taking the SPLK-5001 Cybersecurity Defense analyst exam, where can I find useful and accurate practice exams to ...

by Engager in

adding a custom field to notable and update the value via api

Hi Team, I am working with Splunk version 7.3.2, and I would like to add a custom field called jira_ticket to notab...

by New Member in

es_notable_events Query

Hi folks, Looking to use es_notable_events as a way of building out a panel that will get info on ES events for th...

by Explorer in

Saved Search in Source Code

I am working on Splunk Enteprise Security. | savedsearch "Traffic - Total Count" is working fine and givin...

by New Member in

Rest API for Notable Suppression

Is there a rest api available for Notable Suppression ? to get the suppresssion details and modify them via rest api

by Explorer in

Adding comment (link) to Next Steps (In an alert under incident review)

Hello, i have started my journey in more admin activities. Currently I was attempting to add a URL (comment) under th...

by New Member in

Manually Download and Import Threat intelligence Update for Splunk Enterprise Security

Hi all, Was wondering if there was a way to manually grab the threat intelligence updates for Splunk ES (we are on ...

by Communicator in

How to migrate data in an indexer cluster to a new indexer cluster environment?

Hi peeps, I need some information about migrating data from an instance in a cluster environment to a new cluster ...

by Path Finder in

Assistance with Alerts Related to PowerShell Execution Policy in Splunk

Hello everyone, I am facing an issue with the alerts triggered by the "Set Default PowerShell Execution Policy To U...

by Engager in

Splunk deployment for enrichment based on csv file

Hi I have deployed Splunk enterprise and my logs are getting ingested into the indexer. Now i have created an ...

by Loves-to-Learn Lots in

How do I test/check to see if my new "local" ES ThreatFeed is working?

I am using these dox:https://docs.splunk.com/Documentation/ES/8.0.1/Admin/AddThreatIntelSources#Add_threat_intelligen...

by Esteemed Legend in

How to add link in ES Notable events "next steps" form?

Hi Guys, I would ask how to add a link on the next steps form. on the correlation search I read: "Add a...

by Motivator in

Enable SSL: Search Head Cluster

Hello, While trying to deploy the ES using the Deployer GUI, I want to Enable SSL However I faced the below: ...

by Path Finder in