Splunk Enterprise Security

Discussions

Thread Info

How do I configure a Splunk App to use a certain Index? Thank u in advance - Much appreciated.

I need to learn the process of configuring an app to use a certain Index please. Thank u

by Builder in

Alien Vault OTX check is not working

Hello sir,i just installed the add on "Alien vault check OTX" in my splunk enterprise.i have integrated my api key, b...

by New Member in

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incident

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incid...

by Explorer in

Use cases for AliCloud

We have onboarded Alicloud data in Splunk and looking for use cases creation. Is there any ALicloud use cases d...

by Path Finder in

Reduce notable events

Hello, we have created many custom correlation searches in our client's deployed instance. Right now they are creatin...

by Loves-to-Learn Everything in

Steby by Step Guide to use and build 'Summary Index'

Hello You all talented people out there, May I request someone to please help me with a reference link or a vid...

by Path Finder in

Please tell me how / where do I get an API key for Splunk apps like MITRE ATT&CK. Due to an error I get.

I get error messages in ES saying the the API Key for app called MITRE ATT&CK needed to be corrected. I really have t...

by Builder in

Splunk Searches delayed

Hi All, I would like to ask why do we encounter this notification: Root Cause(s): The percentage of high priority...

by Builder in

Issues with Detect New Local Admin Account notables

Hello all, Our Splunk enterprise security uses the following correlation search for the "Detect New Local Admin Ac...

by New Member in

Need help to add a field to my SPL to list reason for Failed skipped / Saved searches in ES. please see below. Thank u

I run the following to get a list of Saved / skipped searches thru the Monitoring console for my ES (Splunk ES). I ne...

by Builder in

use of metadata files under /etc/apps/appname/metada

what is the need of metadata files under /etc/apps/appname/metadata, why it is modified continuously? @all

by Loves-to-Learn Everything in

Device discovery query

Hello! I was asked to find what IP addressable devices are listening on port 80 on our network. Can I find this inf...

by Observer in

How to merge multiple lookup field values into single field value

Hi Folks, I have two lookup files which contain the user information such as username, email and company. for exa...

by Explorer in

Splunk ES - Detect Cleartext Passwords search not working

Hello, I have the below use case to detect Cleartext Passwords at rest | from datamodel:"Compute_Inventory"."Cle...

by Explorer in

REST API usage to get list of all the alerts

Hi Everyone, I would like to list all the alerts that are setup by users not by splunk apps like ITSI/DMC using RE...

by Engager in

How to identify TCP SYN scan activities of a particular ip address using splunk .

Hi there, I have splunk enterprise set up on my local machine. I was able to obtain network traffic from a particu...

by Loves-to-Learn in

How to fix splunkd "experiencing a problem" error in Splunk ES - Thank u in advance for any leads.

I am receiving "splunkd experiencing s problem" in ES. It says it might automatically improve or worsen. Thank u

by Builder in

Pleas help with an SPL to find the reason for saved / skipped searches in ES.

I have MC on the ES & tried my SPLs but need your help please. I need to find the apps, name of skipped searches & wh...

by Builder in

Splunk ES Incident Review Notable Events Don't Match Correlation Search

Hey Everyone, I wanted to see if anyone could help me with correlation searches firing and creating a notable event...

by New Member in

Enterprise Security 6.6.0 Incident review shows suppressed notables

Hello, we just updated ES from 6.4 to 6.6. The new incident review dashboard completely ignores suppressed events, ...

by Path Finder in

Adaptive Response Action Send email not sending results

We made a clean installation of on-prem Splunk Enterprise 8.0.9 and Enterprise Security 6.4.0. When correlation searc...

by Communicator in

Asset and Identity Management

I need help with adding an asset input stanza for the lookup source. I created a sample lookup that has the proper he...

by New Member in

How do I assign user permissions to all or some Data models in ES? Thank u very much in advance

If a saved search in ES data model. Should I be giving user permission to edit to the search & permission to the edit...

by Builder in

A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?

Started getting the following alert after installing ES in our environment. A threat intelligence download has fai...

by Explorer in

Error while assigning/ updating notable events.

Hi Folks, I am getting below error in the incident review dashboard and this error is persistent impacting operatio...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How do I configure a Splunk App to use a certain Index? Thank u in advance - Much appreciated.

Alien Vault OTX check is not working

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incident

Use cases for AliCloud

Reduce notable events

Steby by Step Guide to use and build 'Summary Index'

Please tell me how / where do I get an API key for Splunk apps like MITRE ATT&CK. Due to an error I get.

Splunk Searches delayed

Issues with Detect New Local Admin Account notables

Need help to add a field to my SPL to list reason for Failed skipped / Saved searches in ES. please see below. Thank u

use of metadata files under /etc/apps/appname/metada

Device discovery query

How to merge multiple lookup field values into single field value

Splunk ES - Detect Cleartext Passwords search not working

REST API usage to get list of all the alerts

How to identify TCP SYN scan activities of a particular ip address using splunk .

How to fix splunkd "experiencing a problem" error in Splunk ES - Thank u in advance for any leads.

Pleas help with an SPL to find the reason for saved / skipped searches in ES.

Splunk ES Incident Review Notable Events Don't Match Correlation Search

Enterprise Security 6.6.0 Incident review shows suppressed notables

Adaptive Response Action Send email not sending results

Asset and Identity Management

How do I assign user permissions to all or some Data models in ES? Thank u very much in advance

A threat intelligence download has failed...status="threat list download failed after multiple retries". How can I resolve this?

Error while assigning/ updating notable events.

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

How do I test/check to see if my new "local" ES Th...

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...