Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Error in 'apply' command: Failed to load model "smb_pdfmodel": Model does not exist.

I tried to enable some use cases from Splunk ESCU and then I copied SPL command and run searching to test. It seems ...

by Splunk Employee in

Workflows dependent on the content of a field

I am working on improving usage of the risk framework within our instance of Splunk ES. At present there are a numb...

by Communicator in

accelerated datamodels API query

Hi Need you help with API query for getting accelerated datamodels statistics (usage and size) thanks!

by Explorer in

Spontaneous "Health Check" error messages reported on ES Search Head regardng "maxmind_geoip_asn_ipv6" failed download?

We are getting the following errors on our Enterprise Security Search Head and are wondering why and how to fix them:...

by Esteemed Legend in

I want to send the event_id of the notable event to jira service desk.

Hello I am trying to send the notable event to jira service desk Data fields such as rule name are transmitted no...

by Loves-to-Learn Lots in

Setup the Threat feed integration in ES

We are Planning to set up Threat feed integrate in ES, We have installed crowdstrike Intel add on and now need to set...

by Path Finder in

Splunk ES Content Updates- Keeping it up to date

I need to allow the Splunk ES SH to access the Internet to allow the Splunk ES Use Cases / Content updates to be upda...

by Engager in

adding Threat feed to Enterprise Security

How Can I add a subnet or CIDR to ip intel threat intelligence lookup?

by Path Finder in

FS-ISAC Feeds Not Showing in Threat Artifacts

Good day, I have enabled FS-ISAC Threat Intelligence feed to our environment. I've confirmed that the feed was suc...

by Communicator in

Endpoint Data Model doesn't exist

Hi We're using splunk Enterprise Security V5.1.0. When i search in data models list, i can't find "Endpoint" data m...

by Engager in

Eventgen not taking my txt file from sample directory

Hi Everyone, I've added a txt file to SA-Eventgen sample folder and wrote the configuration in the eventgen.conf fi...

by Explorer in

Monitor network traffic

HI I would like to log network traffic for 10 servers in my environment for period of 60 day's and analyze it late...

by Engager in

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

I tried to log into slunk enterprise and was told by 2 web browsers chrome and edge that the security certificate had...

by Explorer in

port scan across multiple "_time" spans

Hi all, using the following: ${index+sourcetype-information} NOT src_ip IN ("10.*","127.*","192.168.*","172.16.0.0/...

by Loves-to-Learn Lots in

Clarification on search query to detect outliers

Hello fellow splunkers, I would like to ask you something regarding the function that most of the al...

by Explorer in

ES Sandbox is not available

Hi, I went through the creation process of ES sandbox, but I haven't received any mail about the created sandbox. B...

by Engager in

Want help in creating Splunk Query with specific conditions?

Hi Splunk Members, Good Day! I am looking for support to create a query with Windows Security Events Logs. Basica...

by Engager in

Restrictions filter - Role restrict search

I created a Role with the following restriction: 1- origen::chile OR ( index::_audit AND user="secchi") But still...

by Loves-to-Learn Lots in

Using Authentication for Enterprise Security Threat Intelligence Feeds

Hey guys, I'm trying to add new threat feeds via ES Threat Intel Download. One of the feeds requires API token aut...

by Engager in

What are the CIM fields created by the Windows TA?

Hi, I´m looking for a list of all CIM fileds that are created by the Windows TA... I can´t find any doku... T...

by Path Finder in

Possible for one Splunk ES for different Splunk Enterprise?

Hi, Currently, my company has 2 sites (let's say Site A and Site B), and each of them have their own Splunk Enterpr...

by New Member in

STIX TAXII Data Not Showing On Some Days

The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did...

by New Member in

How to apply Throttling based on a condition for a notable event generation?

Requirement 1 :Eg : I have a correlation search which generates , 2000 events with in 24 hours with the same Title "I...

by Path Finder in

Azure query

Hello I have this query: "| tstats `summariesonly` values(Authentication.app) as app,count from datamodel...

by Explorer in