Splunk Enterprise Security

Discussions

Thread Info

Splunk Integration with CAUIM monitoring tools

Hi There Experts , In our current environment we have Splunk Integration with CA UIM monitoring tools to send Splu...

by Loves-to-Learn in

Looking for O365 use cases in Splunk

I am looking for O365 use cases related to MS teams, Sharepoint, Exchange , One drive, Currently data is populate in ...

by Path Finder in

Can I create out of box use cases from Splunk CIM data models ?

Is it possible to use data models from Common Information Model to use cases in splunk, if so, how can we do that

by New Member in

Default Threat Intelligence feeds not visible in ES

Hello,As per ES official documentation, it says below threat intel feeds are enabled by default. Mozill...

by Builder in

Splunk correlation search with throttling generating duplicates on an ES clustered environment

We recently moved from a stand-alone ES splunk search head to a clustered splunk ES search head, and we've started to...

by Contributor in

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

What is the latest stable release of splunk 8.x? We are planning a version upgrade from 7.3.5 to 8.x. I have heard ...

by Communicator in

How to remove the unwanted threat group and threat category list from the dropdown of the threat activity feed? And also how to remove the data from ip_intel list ?

HI Splunkers, In our environment, We have couple of unwanted threat groups and threat category list populated in t...

by Path Finder in

Can I convert duration in minutes into days, hours, minutes

Hi, I have a final value in minutes, but I'd like to display this in a more user friendly manner, i.e; 1680 min...

by Path Finder in

Status Changing on Old Notable Events

When we create new alerts for testing, we have the correlation search create the notable event with a status of "Test...

by Engager in

ServiceNow Event Integration

Hi Splunkers, How to create Incidents on SNOW from Splunk SPL? We have "ServiceNow Event Integration" alert action in...

by Explorer in

updated to newer SES version = added step when editing a notable :(

so before the update (was v6.4.1) we would edit the incident in 'incident review' -> add a comment or change some st...

by New Member in

Setup Validation & Review

Hi All,Any advice on how to go about finding coverage gaps in a typical ES installation ?We r ingesting logs from AWS...

by Builder in

In Intelligence Downloads setting what is Maximum age?

When I configuring threat feeds in ES . In Intelligence Downloads setting there is Maximum age for threat intel dow...

by Loves-to-Learn Lots in

How do I configure MC to show me the Alerts & warnings I get on the Enterprise Security (ES)? Thanks a million.

I have Monitoring Console in distributed mode on my Cluster Master. Need to learn how do I configure it to show Alert...

by Builder in

How to know where a particular eventtype is used ?

I have an eventtype that I want to delete, But before that I want to make sure that the eventtype isn't used anywhere...

by Contributor in

Merge similar Notable events into one under Incident Review

Hi All,Under Incident Review, is there a way to merge/consolidate triggered alerts of the same type and same host in...

by Builder in

Edit Action Dropdown on a notable event

I am trying to add a dashboard to the action dropdown when you are in incident review under specific notables. How do...

by Engager in

Enerprise Security posture is empty

I have installed Enterprise Security App. I review Security Domain, in particular, Access and Network sections and...

by Explorer in

Upload Threat Intelligence not working

Hi, I'm trying to upload a simple list of malicious filenames into ES Threat Intel. I have a csv file which I for...

by Builder in

Splunk Enterprise Security: How to retrieve ldap assets information?

I tried to retrieve assets information of ldap so I used the search (I know that I must not to use search nt_host...)...

by Explorer in

How to get a notable event's drilldown URL

We're currently using Splunk ES, and would like to grab the link to a notable event's drilldown link on the ES Incide...

by Explorer in

Enterprise Security - Malware Operations - Clients By Product Version

Hello! Can anyone please lend a hand with this issue? I'm still fairly new to this and am working my way through Fund...

by Explorer in

Why is "Threat file_intel" not capturing hash values from the Splunk search result?

Hello, I wanted to reach out to you for assistance on Splunk ES threat_intel searches. Objective: We have endpo...

by Explorer in

Cannot Set Up Splunk Enterprise Security Sandbox

Hi, I want to set up my 7-day trial Splunk Enterprise Security Sandbox. But when I click the start trial. I am get...

by New Member in

Windows Data Mapping to the Update Data Model

I'm in the process of implementing Splunk ES. We are using the Splunk_TA_windows and use the generate_windows_update...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Integration with CAUIM monitoring tools

Looking for O365 use cases in Splunk

Can I create out of box use cases from Splunk CIM data models ?

Default Threat Intelligence feeds not visible in ES

Splunk correlation search with throttling generating duplicates on an ES clustered environment

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

How to remove the unwanted threat group and threat category list from the dropdown of the threat activity feed? And also how to remove the data from ip_intel list ?

Can I convert duration in minutes into days, hours, minutes

Status Changing on Old Notable Events

ServiceNow Event Integration

updated to newer SES version = added step when editing a notable :(

Setup Validation & Review

In Intelligence Downloads setting what is Maximum age?

How do I configure MC to show me the Alerts & warnings I get on the Enterprise Security (ES)? Thanks a million.

How to know where a particular eventtype is used ?

Merge similar Notable events into one under Incident Review

Edit Action Dropdown on a notable event

Enerprise Security posture is empty

Upload Threat Intelligence not working

Splunk Enterprise Security: How to retrieve ldap assets information?

How to get a notable event's drilldown URL

Enterprise Security - Malware Operations - Clients By Product Version

Why is "Threat file_intel" not capturing hash values from the Splunk search result?

Cannot Set Up Splunk Enterprise Security Sandbox

Windows Data Mapping to the Update Data Model

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...