Splunk Enterprise Security

Discussions

Thread Info

Splunk Add-on for Cisco ASA: Will you help me create a regex expression for a transforms.conf file which filters certain logs out before indexing?

Cisco ASA Regex filtering needed Hello Splunk community, I am in need of some regex help. We have been receivi...

by Path Finder in

How Do You Manage EfficentIP DNS Log Ingestion?

I'm currently looking for others input on how they ingest EfficentIP data sources. Does anyone actively ingest Effice...

by Path Finder in

Can you help me troubleshoot a problem adding a trendline to my query?

I need to make a report once a month that indicates the trend between the succesful / unsuccesful log-ins on the netw...

by Communicator in

In the Splunk Enterprise Security Incident Review Dashboard, is it possible to change the default status label?

Is it possible to change default status value from "All" to New & "In Progress" via GUI in the Incident Review dashbo...

by New Member in

Recover Description of notable via search?

Hi everyone, I'm trying to create a search that i can display the notable information. But i have a problema, when...

by Explorer in

Splunk DB Connect: Can you help me create a search that generates an asset list from our Microsoft SQL server?

We are attempting to bring data in from a CMDB to generate our Assets list for Splunk. We have established the connec...

by Communicator in

After running a search which uses a lookup file to whitelist certain domains, I'm receiving the following error: "Regex: UTF-8 error: byte 2 top bits not 0x80"

I am attempting to run a search which matches specific domain names. In this search, I am using a lookup file to whit...

by Explorer in

Merging result of inputlookup file with subsearch to get required results

i have one csv file which contains device name location data , i need to get count of all the device name location wi...

by Path Finder in

How do you properly upload CSV data to Splunk?

I am trying to be an admin for a separate work project. But our original admin has been out of town for a few weeks, ...

by New Member in

When setting up an alert with a "saved search," why am I getting duplicate alerts for the same event with different event_id?

I have set up an alert using a "Saved search" in Splunk Enterprise Security. I am throttling alerts for an hour when ...

by New Member in

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the need for the HEC?

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the nee...

by New Member in

Can you do a tstats with Splunk Enterprise Security that would match the value from a lookup table?

Hello all, I am working in Splunk ES and i would like to add the capability of getting a match on my URL list. ...

by New Member in

Reverting to Splunk Enterprise v7.0.x from v7.1.2.

I am running Splunk ES v4.7.2 and upgraded it, along with the rest of my servers to Splunk Enterprise v7.1.2. After h...

by Explorer in

Palo Alto Networks Add-on 6.0.2: Why can't I download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise Security?

Palo Alto Networks Add-on 6.0.2 - fail to download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise ...

by New Member in

Why am I getting a warning when our systems are scanned by Qualys as a part of our deployment process?

Below is the report from Qualys, please help me work it around. X-XSS-Protection HTTP Header missing on port 8089....

by Splunk Employee in

Will the correlation that ES works off of with the Add-on cause issues in finding the data if I have version 5.0 in the environment and version 4.8.4 in ES?

I'm running into an issue with Enterprise Security (ES) - correlation with event types with Add-ons. The example ...

by Path Finder in

how to check severity of notable event

I want to check the severity of notable events so that I can hardcode the value of urgency without using lookups. Is ...

by Communicator in

Parse IMAP message into multiple events

Users report us suspicious emails for threat analysis. My idea is to import these emails into Splunk ES and automate ...

by New Member in

Enterprise Security (ES) asset lookups failing with SRC and dest fields reporting “unknown-internal” and “unknown-external”

Running ES 5.1 on Splunk 7.1. The asset lookups have been working fine. This morning the SRC and dest fields display ...

by Splunk Employee in

How to properly escape a DN (with commas) for ldapsearch?

I'm trying to make ldapfilter augment my results. I have a DN that I'm trying to resolve to an account name (sAMAccou...

by Super Champion in

How do you show only specific categories in returned events?

I'm trying to run a simple search that shows only specific results and excludes the rest. The results are coming ...

by New Member in

Can you help me create a search that would match fields for two different indexes and stats?

Hi team! I need help with a search. I have 2 indexes and I want to match both for an IP field. If they match, ...

by Path Finder in

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Hi, Because of license renew/upgrade: is there any way to report/estimate the license volume processed by Enterpri...

by Communicator in

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

I understand we can use the following to look at the investigations created which are 'Active'. |inputlookup appen...

by Influencer in

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

On new install of Splunk Enterprise Security (version 4.7.6), I am seeing the following errors, once an hour. I inclu...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Add-on for Cisco ASA: Will you help me create a regex expression for a transforms.conf file which filters certain logs out before indexing?

How Do You Manage EfficentIP DNS Log Ingestion?

Can you help me troubleshoot a problem adding a trendline to my query?

In the Splunk Enterprise Security Incident Review Dashboard, is it possible to change the default status label?

Recover Description of notable via search?

Splunk DB Connect: Can you help me create a search that generates an asset list from our Microsoft SQL server?

After running a search which uses a lookup file to whitelist certain domains, I'm receiving the following error: "Regex: UTF-8 error: byte 2 top bits not 0x80"

Merging result of inputlookup file with subsearch to get required results

How do you properly upload CSV data to Splunk?

When setting up an alert with a "saved search," why am I getting duplicate alerts for the same event with different event_id?

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the need for the HEC?

Can you do a tstats with Splunk Enterprise Security that would match the value from a lookup table?

Reverting to Splunk Enterprise v7.0.x from v7.1.2.

Palo Alto Networks Add-on 6.0.2: Why can't I download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise Security?

Why am I getting a warning when our systems are scanned by Qualys as a part of our deployment process?

Will the correlation that ES works off of with the Add-on cause issues in finding the data if I have version 5.0 in the environment and version 4.8.4 in ES?

how to check severity of notable event

Parse IMAP message into multiple events

Enterprise Security (ES) asset lookups failing with SRC and dest fields reporting “unknown-internal” and “unknown-external”

How to properly escape a DN (with commas) for ldapsearch?

How do you show only specific categories in returned events?

Can you help me create a search that would match fields for two different indexes and stats?

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...