Splunk Enterprise Security

Discussions

Thread Info

Need help with steps for file monitoring on Windows server for Splunk use. I found the following link. Too generic. Thx

Have a few Windows server that I need to enable file monitoring on to be sending logs to Splunk Ent. server. I could ...

by Builder in

Error when polling TAXII feeds with Enterprise Security

I am unable to make the Threat Intelligence input for hailataxii work using on-prem Splunk Enterprise. Splunk Enterpr...

by Builder in

Proofpoint ET or VirusTotal Adaptive Response action

Hello , Has anyone configured Proofpoint ET or VirusTotal Adaptive response action in ES ? Basically look up the des...

by Builder in

How to pass Multiple Values in a single token of drilldown

<query>index=index_test| dedup empID| eval tot = case (match('call.code' , "1") OR match('call.code' , "2") OR match(...

by Explorer in

Why shouldn't one copy or Synch Splunk Enterprise Reports to ES? It is not recommended why please? Thanks

I have read on Splunk.com that Ent. reports don't satisfy use cases the ones on the ES. And that they should not be c...

by Builder in

External Reverse DNS Lookup

I'm pretty new to Splunk and have currently been tasked to startup an App and am outfitting a dashboard for my team. ...

by New Member in

Is it possible, not to edit notable ownership once the notable already assigned to some other owner

Hi All, In Splunk, is it possible to keep restriction not to edit ownership once the notable already assigned to so...

by Loves-to-Learn Lots in

Notable Event Triggers but Related Query Fails to Run

Greetings Splunkers, I have recently started having triggered alerts from a couple of correlation searches that whe...

by Path Finder in

Is there a SPL to list the Reports that run on the Enterprise with errors / don't run due to the errors?

We have a ton or reports on the Splunk Ent. & I need to find if any are not finishing due to an error. Some reports a...

by Builder in

How do I Synchronizes Reports on the Splunk Enterprise with ES (Ent. security). Thx a million

I have a ton or reports on the Ent. & like to synch them with ES to save time recreating them. Which is better synchi...

by Builder in

Integration with Obstracts into ES (TAXII 2.1)

Hi, I checked Splunkbase for an integration with an intel feed reader we use, Obstract (https://www.obstracts.com/), ...

by New Member in

Splunk ES issue

Need help on enterprise security. Is there a way to create a standard TAXII Parser that can do correlation searches o...

by Explorer in

Why does Splunk search less events in the last 30 days (950k) vs the last 7 days (24million)?

I have a strange issue where when I run a tstats query against a data model for the last 7 days in smart mode, 24mill...

by Communicator in

<host>:<port>/services/data/threat_intel/ endpoint not found

I assume that I need to install Splunk Enterprise Security 1. Is my assumption correction? 2. It says Contact Sa...

by Engager in

Requesting for Enterprise Security Trial to no avail

Hi, I am trying to utilize the Splunk Enterprise Security 7-Day Trial, through this link:https://www.splunk.com/en_us...

by New Member in

Exclude results from tstats

I have a correlation search created. However, I want to exclude files from being alerted upon. I have an lookup fil...

by Engager in

Splunk ES sandbox

how to get splunk ES 7-Day sandbox?

by New Member in

Splunk Enterprise Security Incident_review very very slow

When restart the search head，Incident_review very very slow

by Loves-to-Learn in

How to set up shared datamodels

We have a SHC of three members & 1 Enterprise Security. Prior to 8.0 each were running their own datamodels. Now that...

by Communicator in

Improve search performance

Hi All, I need to improve the performance of my below search, which currently completes in about 132sec. The search...

by Explorer in

How do I find causes or Event processing errors I get on the ES please. Thx a mil.

I have started getting Event processing errors in the MC & messages on the ES main page. I looked for skipped & delay...

by Builder in

[Bug] Download threat intelligence feed ignoring Timeout setting

Hello, Working on a threatq list which takes more than 1min to be generated, I was always looping in splunk with :...

by Path Finder in

Need help with a solution for errors I get downloading 60,000-100,000 search results on the ES please. Thanks a million

Need help with a solution for errors I get saying "unrecoverable in the server.....Python 3.x.... " when downloading ...

by Builder in

What is best as MS Azure Alerts Add-on for ES? There are 2 in Splunbase.com but with 0 installs. Please advise. Thx

I am looking for a great Alert manager Add-on for ES. To ingest MS Azure AD Alerts data into ES. There are 2 of them ...

by Builder in

stats command with data model and raw data does not works properly

Hi Splunkers, we have a behavior that we are not able to understand.The problem is the following: we are performing s...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Need help with steps for file monitoring on Windows server for Splunk use. I found the following link. Too generic. Thx

Error when polling TAXII feeds with Enterprise Security

Proofpoint ET or VirusTotal Adaptive Response action

How to pass Multiple Values in a single token of drilldown

Why shouldn't one copy or Synch Splunk Enterprise Reports to ES? It is not recommended why please? Thanks

External Reverse DNS Lookup

Is it possible, not to edit notable ownership once the notable already assigned to some other owner

Notable Event Triggers but Related Query Fails to Run

Is there a SPL to list the Reports that run on the Enterprise with errors / don't run due to the errors?

How do I Synchronizes Reports on the Splunk Enterprise with ES (Ent. security). Thx a million

Integration with Obstracts into ES (TAXII 2.1)

Splunk ES issue

Why does Splunk search less events in the last 30 days (950k) vs the last 7 days (24million)?

<host>:<port>/services/data/threat_intel/ endpoint not found

Requesting for Enterprise Security Trial to no avail

Exclude results from tstats

Splunk ES sandbox

Splunk Enterprise Security Incident_review very very slow

How to set up shared datamodels

Improve search performance

How do I find causes or Event processing errors I get on the ES please. Thx a mil.

[Bug] Download threat intelligence feed ignoring Timeout setting

Need help with a solution for errors I get downloading 60,000-100,000 search results on the ES please. Thanks a million

What is best as MS Azure Alerts Add-on for ES? There are 2 in Splunbase.com but with 0 installs. Please advise. Thx

stats command with data model and raw data does not works properly

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Enterprise Security Content Update (ESCU) | New Releases

How to insert ESCU detections via REST API into Sp...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions