Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

How to send events via HEC method via JSON format?

Hi to all. im setting an integration with Splunk and Splunk ES. I decided to send events via HEC method json fo...

by Observer in

Is it possible to set up retrospective searches based on new threat intelligence indicators in ES?

As the title says, I am looking to setup retrospective searches based on new threat intelligence indicators in ES. ...

by Contributor in

How to detect threat from MySQL database, and as a threat response- how to safeguard storage volume used for database?

use case : How to detect threats from MySQL database and as a threat response how to safeguard Storage volume used...

by Engager in

How to configure email settings for Splunk Cloud to send alerts?

What's the best practice to configure email settings on Splunk Cloud Enterprise Security (ES) and Adhoc search head t...

by Builder in

Is it possible to change time format for column Receipt Time in Incident Review window?

Is it possible to change format time for the column "Receipt Time" in "Incident Review"? Currently I see this time...

by Engager in

Input lookup results: How to exclude results from Lookups?

Hi, index=network sourcetype=cisco:asa NOT src_ip IN("10.0.0.0/8","10.0.0.1,"10.0.0.2") | bucket _time span=1m| st...

by Engager in

Where can I find Splunk logs for Content management in Splunk Enterprise security?

Hello Team, In our environment, we have created use cases in the content management in Splunk ES. We want to know ...

by Loves-to-Learn in

Threat Activity Detecting Possibly Old Intel From Old Lookup- Search shows more than specified?

Hello Splunkers, I have a search created below to only detect local ip intel specified manually by the user: ...

by Path Finder in

In Splunk Fortinet FortiGate app - Wireless and System dashboards are not working?

In the Splunk Fortinet FortiGate app - wireless and System dashboards are not workingboth dashboards are not showing ...

by Explorer in

Variable substitution not working in correlation search?

I have a correlation search for detecting when host stops sending logs. I enabled the search and set the title as bel...

by Path Finder in

Splunk Add-on for Windows - DNS Not Mapped to CIM?

i have installed the Splunk Add-on for Windows app to monitor DNS logs using the Debugging enabled option on my serve...

by Engager in

Risk isn't showing up in the Edit Correlation Search?

I have an app with my alerts. I have risk enabled and it's working however risk isn't showing up in the Edit Correlat...

by Explorer in

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway?

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway (UAG)? Splunkbase doesn't seem to h...

by Communicator in

What apps are used for splunk in soc in bank?

which apps are used in Splunk soc in a bank ?? for threat intel, incident response, and so on.

by New Member in

Is it possible to get the creation date of a correlation search?

Hello Splunkers, I was wondering if there is a way to get the creation date of a correlation search. If s...

by Path Finder in

How to change the event time of ES Incident Review

Hello, I am new for Splunk ES. To configure the ES Incident Review, I use the default setting for the Time which sh...

by Loves-to-Learn Lots in

How do we prevent Content Update popup window in ES 7.0?

We are planning to upgrade ES from 6.6.2 to 7.0.1, one of the new features will have a pop up window indicating that ...

by Path Finder in

Expiration of Threat Intel in Enterprise Security- Once file is uploaded, should we remove rows from CSV to start it?

Hi, We use the threat intelligence app within Enterprise security and use the local IP intel csv (local_ip_intel.c...

by Engager in

Is there any way to know about hot warm cold frozen buckets lifespan from Splunk GUI?

Hello Splunk team, I have two doubts please help me with details, 1. We are using Splunk cloud platform for Enterp...

by Loves-to-Learn in

Splunk Enterprise Security: How can I edit a notable table in the Incident Review dashboard to alternate row colors?

I want to zebra strip (gray, white, gray, white)/alternate the row colors in the triggered notable table in the Incid...

by Explorer in

Can Splunk HEC enable client authentication?

I want to enable client authentication. so I midify $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf [http...

by Observer in

Tried to edit one notable and 15,000 events got updated instead- Is there a way to rollback?

Hello Splunkers, We had some trouble with notable events. Long story short, by wanting edit one notable, ...

by Path Finder in

How to change notable event row color or the color of any field in incident review dashboard?

Hi, I'd like to change Notable Event row color or the color of any field in incident review dashboard to easily id...

by Builder in

Ho do I resolve Splunk Enterprise Security error: View more information about your request (request ID = 631c96cc4c7fa17

while opening into search head server get error as : View more information about your request (request ID = 631c96...

by Loves-to-Learn Lots in

How to link each fired alert to respective saved search?

Hi community! I have a dashboard that shows the alerts on table and in the graph, the questions is How I can li...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to send events via HEC method via JSON format?

Is it possible to set up retrospective searches based on new threat intelligence indicators in ES?

How to detect threat from MySQL database, and as a threat response- how to safeguard storage volume used for database?

How to configure email settings for Splunk Cloud to send alerts?

Is it possible to change time format for column Receipt Time in Incident Review window?

Input lookup results: How to exclude results from Lookups?

Where can I find Splunk logs for Content management in Splunk Enterprise security?

Threat Activity Detecting Possibly Old Intel From Old Lookup- Search shows more than specified?

In Splunk Fortinet FortiGate app - Wireless and System dashboards are not working?

Variable substitution not working in correlation search?

Splunk Add-on for Windows - DNS Not Mapped to CIM?

Risk isn't showing up in the Edit Correlation Search?

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway?

What apps are used for splunk in soc in bank?

Is it possible to get the creation date of a correlation search?

How to change the event time of ES Incident Review

How do we prevent Content Update popup window in ES 7.0?

Expiration of Threat Intel in Enterprise Security- Once file is uploaded, should we remove rows from CSV to start it?

Is there any way to know about hot warm cold frozen buckets lifespan from Splunk GUI?

Splunk Enterprise Security: How can I edit a notable table in the Incident Review dashboard to alternate row colors?

Can Splunk HEC enable client authentication?

Tried to edit one notable and 15,000 events got updated instead- Is there a way to rollback?

How to change notable event row color or the color of any field in incident review dashboard?

Ho do I resolve Splunk Enterprise Security error: View more information about your request (request ID = 631c96cc4c7fa17

How to link each fired alert to respective saved search?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...