Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Hey Splunk friends, Very new customers to splunk. Trying to find an easy way to create JIRA tickets from noteable...

by New Member in

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

Hello, We need to develop a Correlation Search to implement this algorithm : If a specific custom event (here tag...

by Explorer in

how to give data to the Splunk Enterprise security app in the splunk

Hello, I have the Splunk ES app in my splunk enterprise. but i can't see the data in my splunk enterprise security ...

by Explorer in

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

So I'm sorry if this is a rather stupid question, but I have been thrown into creating a dashboard and I've only take...

by Path Finder in

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Please advise on a Strategy dealing with increasing number of skipped / saved / deferred searches in Enterprise Secur...

by Builder in

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Can anyone let me know why I am getting this error? | rex field=url "(?\w+\.\w+)\/" [| inputlookup IOCs-URLs.c...

by New Member in

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u ...

by Builder in

Error after update - Threat Intel

Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management ...

by Explorer in

Need help with reconfiguring LM and DMC on rebuilt linux server

We did rebuild existing server that hosted LM and DMC. I did install latest splunk on the rebuilt server. Copied conf...

by Communicator in

Is there a way to have a duration value account for weekends

So in python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...

by Path Finder in

How do I search for rogue Server added to my environment including info about the Hacker(s)

by Builder in

firewall use cases

hi All, Pls could you share any links or document's for firewall usecases. Thanks in advance 

by Path Finder in

no latest update for ESCU

I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...

by Engager in

Find difference in days between today and another date

Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then i created a field for today's da...

by Path Finder in

Risk Based alerting in SPLUNK ES

I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...

by Loves-to-Learn Lots in

How to convert hours into days

Hi, I have the following duration format that i'd like to convert into days. Initial Format Desired...

by Path Finder in

Splunk ES Notable events not getting triggered

Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...

by Engager in

How to combine two fields values into one

Hi, I have the following table: status count CANCELLED ...

by Path Finder in

Correlation searches scheduling to overcome downtimes and event delays

Hello, Hello, Any suggestions on how to configure the correlation search schedule in a way that will not ...

by Observer in

Threatlist scheme error - unable to initialize modular input

Hello, There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel f...

by Explorer in

Does Splunk automatically tag identities with watchlist?

We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...

by New Member in

Splunk Event Log is Gibberish

I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...

by New Member in

non-owner mailbox access for Microsoft Exchange

we have one audit point that non owner users like domain admin, exchange admin's are opening other's mailboxes and th...

by Communicator in

How to ignore unknown objects in Risk adaptive response?

Hi, There're some incidents hit my threat intelligence IP, e.g. dest. That's why Threat Activity notable event is t...

by Explorer in

Notable events ES

Hi Folks, I have one question, it's possible add an response action when the notable event change status? Example...

by Motivator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

how to give data to the Splunk Enterprise security app in the splunk

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Error after update - Threat Intel

Need help with reconfiguring LM and DMC on rebuilt linux server

Is there a way to have a duration value account for weekends

How do I search for rogue Server added to my environment including info about the Hacker(s)

firewall use cases

no latest update for ESCU

Find difference in days between today and another date

Risk Based alerting in SPLUNK ES

How to convert hours into days

Splunk ES Notable events not getting triggered

How to combine two fields values into one

Correlation searches scheduling to overcome downtimes and event delays

Threatlist scheme error - unable to initialize modular input

Does Splunk automatically tag identities with watchlist?

Splunk Event Log is Gibberish

non-owner mailbox access for Microsoft Exchange

How to ignore unknown objects in Risk adaptive response?

Notable events ES

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...