Splunk Enterprise Security

Discussions

Thread Info

Correlation Search does not fire an email or notable when it should

I have this correction search we use to help detect common potential web attacks in IIS logs. The problem is that whi...

by New Member in

Security Essentials not showing/mapping MITRE & cyber kill chain

When using Pplunks security essentials : MITRE ATT&CK Framework we are lacking a significant amount of alerts....

by Engager in

Are there plans to make the Bit9 Security Platform CIM Compliant?

Are there any future plans to make this app CIM compliant? We are using the Enterprise Security app which requires al...

by Path Finder in

Splunk Cloud Hybrid Infrastructure

So I have Splunk Cloud, but we still use a Heavy Forwarder, Universal Forwarder and a Deployment server. The UF serve...

by Explorer in

MS SQL Audit files not parsing

Hi all,I am trying to integrate MS SQL audit log data with a UF instead of DB Connect.What is the best and recommende...

by Explorer in

how do I make splunk es to check my uploaded logs

I have installed splunk es app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data) but...

by Observer in

Duplicate cases in SOAR

After pulling cases from ES to Phantom a certain label is assigned to the event , later it is automatically promoted ...

by New Member in

Invalid message type: 28 during Splunk ES 7.1 Upgrade

Getting this error via UI upgrade to Splunk 7.1: Invalid message type: 28 We're on version 9.0.4. Previous upgrad...

by Contributor in

Splunk not taking updated certificate server.pem

We noticed this morning that all the certificates for our Splunk servers are expired since a week (discovered whilst ...

by Explorer in

How to get a Full Encoded Command from a Notable

We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists th...

by New Member in

Add Notable Event to an ES Investigation using the API

I would like to have an investigation created with a notable event recorded in there using the API. I've been tryin...

by Path Finder in

Help creating a table that shows Incident Review Mean Time to Triage for each type of notable per notable owner

Hello, This is my first time seeking help in a forum, I apologize if my ask is confusing. I'm looking...

by Explorer in

SOC Analyst's work with Splunk ES

Hello, Splunkers! I hope there are some SOC analysts around who are using Splunk Enterprise and Splunk ES in their ...

by Path Finder in

Read Only Executive Summary Splunk ES

Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summar...

by Explorer in

Splunk App for Enterprise Security: How to edit the Threat Intelligience Data Model to include a field within the sourcetype?

So within the Enterprise Security App, there is the built-in threat activity dashboard. One of panels shows your sour...

by Communicator in

Splunk Enterprise Security Correlation Searches resources consumption

Hello Splunk community! I have started my journey with splunk one month ago and I am currently learning Splunk Enterp...

by Path Finder in

Splunk Enterprise Security -> Incident Review -> What capability is required to "Edit Selected"

In the Incident Review panel, we select a Notable Event, click on Edit Selected and a form pops up. I chose the first...

by Contributor in

Difference between ES Permissions page and Splunk native edit role page

Hello, does editing ES roles on Permissions page is same as editing ES roles in Splunk's native edit role page? I...

by Motivator in

Integrate SIEM in Splunk soar

App started successfully (id: 1712665900147) on asset: Loaded action execution configuration ...

by New Member in

Searching Notable Events via ShortID

Hi all, Since the redesign of the new Incident Review page, we appear to have lost the ability to search for Notables...

by New Member in

Use Case

Do we have any content to detect "Moniker Link" - CVE-2024-21413

by New Member in

I'd like to format the Notable Event Description with spaces, bolding, and italics

I've tried using html codes like <p> or <b>test</b> and it makes no difference. I'd like to format a much more compl...

by Contributor in

Incomplete search reults error

I am getting this error, may have returned partial results try running your search again.if you see this error repe...

by Explorer in

Data Model Acceleration Issue in ES Instance

Hello Splunkers, I'm encountering an issue with data model acceleration in my ES instance . A few weeks ago, I enab...

by Explorer in

Input Lookup: Compare previous version of input lookup to current version using SPL

Is there currently a capability in Splunk that will allow us search and compare the previous version of an input look...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Correlation Search does not fire an email or notable when it should

Security Essentials not showing/mapping MITRE & cyber kill chain

Are there plans to make the Bit9 Security Platform CIM Compliant?

Splunk Cloud Hybrid Infrastructure

MS SQL Audit files not parsing

how do I make splunk es to check my uploaded logs

Duplicate cases in SOAR

Invalid message type: 28 during Splunk ES 7.1 Upgrade

Splunk not taking updated certificate server.pem

How to get a Full Encoded Command from a Notable

Add Notable Event to an ES Investigation using the API

Help creating a table that shows Incident Review Mean Time to Triage for each type of notable per notable owner

SOC Analyst's work with Splunk ES

Read Only Executive Summary Splunk ES

Splunk App for Enterprise Security: How to edit the Threat Intelligience Data Model to include a field within the sourcetype?

Splunk Enterprise Security Correlation Searches resources consumption

Splunk Enterprise Security -> Incident Review -> What capability is required to "Edit Selected"

Difference between ES Permissions page and Splunk native edit role page

Integrate SIEM in Splunk soar

Searching Notable Events via ShortID

Use Case

I'd like to format the Notable Event Description with spaces, bolding, and italics

Incomplete search reults error

Data Model Acceleration Issue in ES Instance

Input Lookup: Compare previous version of input lookup to current version using SPL

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...