Splunk Enterprise Security

Discussions

Thread Info

Is there a way to optimize correlation search with tstats?

Hello everyone, I have a correlation search setup to detect Suricata IDS alerts of a specific severity and trigger...

by Communicator in

How to export and print a splunk dashboard in python?

I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the usernam...

by Communicator in

Can I inherit from the CIM Model?

We have lots of firewalls (both internal and internet facing) feeding into our CIM Network_Traffic Model within Enter...

by Engager in

How to see newly created calculated field/field alias/field extraction in the logs ?

Hi All, I have created a newly created field/field alias/field extraction with GLOBAL Permissions.Example | eval t...

by Explorer in

Sonultra TAXII: How to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service?

I am trying to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service I have set up the Int...

by Explorer in

Questions about Data Model new source addition.

I have this 'Email' Data Model in ES. The model is populated by macro and tags(2 eventypes populated by saved search...

by Contributor in

Why is gia_summary index not populating?

I've been investigating why I started to not receive ES events for some time now. After upgrading ES, I had to reins...

by Builder in

How to use Time format picker

Hi, i have an requirement as like below. TimeStampLoginUsersAvg SLAMin SLA Max SLA20-02-2022 11:3035113.420-02-...

by Engager in

How to limit memory usage for a search?

Could you please tell me about the following? If I want to limit memory usage for a search, is it correct to think th...

by Communicator in

Assets Exceeding Field Limits, Source: [merge]

Been getting messages saying that some identities are exceeding the field limits. I've increased the limit on some of...

by Path Finder in

How to create an Index in splunk to send data through TCP port

We have some firewall devices sending data to one index previously. Now I have to create new index for some of the de...

by Explorer in

Splunk enterprise security-is there a way to execute the following process of the OS?

is there a way to execute the following process of the OS? ?? -Cluster master server (Splunk Enterprise insta...

by Communicator in

How to find the most use cases trigger alerts in Splunk?

Greetings! I need to know how I can find the most use cases trigger alerts in Splunk. is there any specific sea...

by New Member in

ldapsearch

How would I find sAMAccountName(s) - more than one. I have tried boolean operators and(&) or(|) to no avail. Currentl...

by Loves-to-Learn Everything in

Fine-tuning Enterprise Security?

Hello everyone! I'm looking for assistance with fine-tuning Enterprise Security. I've been working hard with conf...

by Builder in

How to tune search for detection of DNS tunnels rule

I need help on how I can tune the search below. It creates too much noise. I will like to know what steps I can use t...

by New Member in

How to find out which data model a particular app maps to?

How do I find out which data model a particular app "maps" to? Specifically the Cisco security suite ... I see ...

by Engager in

Upgrading Enterprise Security in search head cluster

Hi, I'm having an issue with my deployer and search head cluster while upgrading enterprise security. In step 8...

by Path Finder in

invalid key for param.default_disposition on Splunk ES 6.6.0

I recently installed brand new Splunk 8.2.2, then installed Splunk ES 6.6.0 on it, after Splunk ES installed and conf...

by Engager in

Different Search Results From Two Macros With Same Contents

Hello everyone. I'm looking for some assistance with a problem where I get differing search results from what should ...

by Explorer in

How to automatically assign a recent random notable to a specific user

Hello, I would like to assign random new "unassigned" notables to a specific user. I wanted to accomplish this vi...

by Path Finder in

Different results for same search on same search head for rest call or save search.

Hello there, I get different results when I run a rest call. For example I ran a rest command to bring all the dashbo...

by Explorer in

Threat Artifacts setting

Hello Splunkers, is there any way to change that red box name as a test?? Thank you in a...

by Path Finder in

check traffic -RDP connections

Helloany ideas how can i check rdp attempts or connections in Splunk? many thanks

by Explorer in

Merging identity lookups fails

Hi Splunkers, I have an issue merging two identity lookup files on ES. In particular, my first lookup file has rows...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Is there a way to optimize correlation search with tstats?

How to export and print a splunk dashboard in python?

Can I inherit from the CIM Model?

How to see newly created calculated field/field alias/field extraction in the logs ?

Sonultra TAXII: How to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service?

Questions about Data Model new source addition.

Why is gia_summary index not populating?

How to use Time format picker

How to limit memory usage for a search?

Assets Exceeding Field Limits, Source: [merge]

How to create an Index in splunk to send data through TCP port

Splunk enterprise security-is there a way to execute the following process of the OS?

How to find the most use cases trigger alerts in Splunk?

ldapsearch

Fine-tuning Enterprise Security?

How to tune search for detection of DNS tunnels rule

How to find out which data model a particular app maps to?

Upgrading Enterprise Security in search head cluster

invalid key for param.default_disposition on Splunk ES 6.6.0

Different Search Results From Two Macros With Same Contents

How to automatically assign a recent random notable to a specific user

Different results for same search on same search head for rest call or save search.

Threat Artifacts setting

check traffic -RDP connections

Merging identity lookups fails

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

notable index forwarding into indexer cluster.

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...