Splunk Enterprise Security

Discussions

Thread Info

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

In our Splunk Enterprise Incident review queue, I have a custom lookup that is being used for our threat intelligence...

by Explorer in

Format an asset list in Splunk Enterprise Security

Hi Splunkers, As it's stated in documentation, fields like ip, mac, dns in Asset lookup should be "A pipe-delimite...

by Contributor in

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Hi all, I have created an adaptive response collects information from a host and indexes it. I have attached th...

by Communicator in

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Hi, I'm working on adding new data in CIM and putting tags in Communication and network with required fields. Of c...

by Engager in

Is the webhook option supported for adaptive response actions in Enterprise Security?

The webhook opiont is only available under Search & Reporting alert actions. This option in not available in the adap...

by Engager in

Time-based Assignment of Notable Events

Hello Is it possible to assign the default owner of the notable event based on a time schedule? For example, if...

by Engager in

Enterprise Security Question

We are using ES and I was wondering if all the data models\lookups and enriched data available when searching from a ...

by Path Finder in

ES - Access Tracker not recording successful AD auth due to lack of dest

The correlation search 'Completely Inactive Accounts' makes use of the Access Tracker lookup, which records the most ...

by Communicator in

Threat Intelligence download remains stuck on csv doanload

I added a new Threat Intelligence Download and in the Audit dashboard I can constantly see that the feed on "csv down...

by Engager in

Unable to create the alert in ES App

I tried creating an ES App alert to detect if anyone is sending emails to the mentioned blacklisted domains, but its ...

by Explorer in

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Hi everyone, I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically fo...

by Path Finder in

How to launch Splunk URL using xml file?

Hi, I am trying to call dashboard via the XML file. How do I pass the username and password as parameters? http...

by New Member in

Splunk Stream: How can I integrate Splunk Stream with Enterprise Security and get the Adaptive Response action to run one-off Streams to function?

Hey all, Looking for any better documentation/steps on integrating Splunk Stream app with Enterprise Security. Run...

by Explorer in

Splunk Enterprise Security: Does anyone have an extraction regex example for the threat intelligence download manager?

Does anyone have an example of how to use the extraction regex in the threat intelligence download manager?

by Communicator in

After Enterprise Security Update I get connection reset by peer

I upgraded to the latest ES app and now I get "The connection was reset" error when I am trying to connect to the web...

by Communicator in

How to find the source of excessive failed logins (bruteforce)?

We see there are 40,000 failed login attempts to a DC on our network but are unable to verify the source (IP) using S...

by Explorer in

Enterprise Upgrade Path

Hi Splunk forks, I would like to make sure if the following upgrade path is okay. We have ES 4.5.1 running on Splu...

by Engager in

Enterprise Security - Lists & Lookups Data Ignored

Is there a way to ignore additional field data populated from anything other than Lists and Lookups data within ES? ...

by Path Finder in

comparing two fields from different indexes

I have 2 indexes which have common values in their fields index1 has a field dest containing few values which are mat...

by Explorer in

Preformatting a constraint field in a swimlane

Splunk ES: 6.5.2 Splunk Enterprise Security: 4.5.1 I am adding a new swimlane to the Identities Investigator and...

by Communicator in

Enterprise Security: How can I get the group names I created to populate in the AV logs so an alert can be generated?

In ES, I'm trying to create a correlation search where I establish groups on a 'List and Lookups' asset list (under t...

by Path Finder in

Is it possible to create a unique row in a Splunk Enterprise Security dashboard?

Hello, I'm trying to find out if it's possible to create a unique row in a Splunk Enterprise Security dashboard. F...

by New Member in

where to check notable status ? not from ES app but from logs.

Hello, My question is regarding "Splunk App for Enterprise Security". This app will trigger Notables and loggi...

by Communicator in

Why is my Custom Tag not applying to all the applications?

Hi, I am trying to add a tag for my logs to be CIM compliant/use in Email datamodel. The tag does being applied in...

by Explorer in

How to setup an Alert when events indicated changes to all NTP setting on any platform are made?

Hi, I need help on how to setup an Alert when – events indicated changes to all NTP setting on any platform are ma...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

Format an asset list in Splunk Enterprise Security

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Is the webhook option supported for adaptive response actions in Enterprise Security?

Time-based Assignment of Notable Events

Enterprise Security Question

ES - Access Tracker not recording successful AD auth due to lack of dest

Threat Intelligence download remains stuck on csv doanload

Unable to create the alert in ES App

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

How to launch Splunk URL using xml file?

Splunk Stream: How can I integrate Splunk Stream with Enterprise Security and get the Adaptive Response action to run one-off Streams to function?

Splunk Enterprise Security: Does anyone have an extraction regex example for the threat intelligence download manager?

After Enterprise Security Update I get connection reset by peer

How to find the source of excessive failed logins (bruteforce)?

Enterprise Upgrade Path

Enterprise Security - Lists & Lookups Data Ignored

comparing two fields from different indexes

Preformatting a constraint field in a swimlane

Enterprise Security: How can I get the group names I created to populate in the AV logs so an alert can be generated?

Is it possible to create a unique row in a Splunk Enterprise Security dashboard?

where to check notable status ? not from ES app but from logs.

Why is my Custom Tag not applying to all the applications?

How to setup an Alert when events indicated changes to all NTP setting on any platform are made?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...