Splunk Enterprise Security

Discussions

Thread Info

Multisearching

Hi All, First post on here. Hopefully this makes sense and isn't overly convoluted. So, I have a datamodel correla...

by Engager in

How to create a search that shows if the last seen date was greater than 7 days

I've tried a few different things but they don't appear to be working. I have a log that gives out the last day and t...

by New Member in

Remove Health messages

Is it possible to remove the health warnings for certain users/roles from the top splunk bar? We have an error that w...

by Explorer in

Locate Missing Software

I am trying to run a search to locate specific missing software. I'm hitting a roadblock. I don't want to have to pul...

by New Member in

Forward logs from logz.io to Splunk

I am currently trying to ingest logs from one of our critical apps to Splunk Cloud. In working with my dev team, it a...

by Observer in

Splunk search for double file extension

I am trying to build a use case for files that have a double file extension since these can often be the source of ma...

by New Member in

Adding advanced tags for existing content in Splunk Security Essentials

Is there are a REST API endpoint, KVStore or lookup that can be used to add advanced tags to existing content in Splu...

by Path Finder in

Question RE: Enterprise Security Compatibility with Add-On for Microsoft Windows

We are planning an upgrade. Our current environment: Splunk Enterprise Core - 7.1.4Enterprise Security - 5.1.1 Spl...

by Communicator in

How does Kaspersky Anti Targeted Attack integrates with Splunk?

How does Kaspersky Anti Targeted Attack integrates with Splunk? Do I need to have Splunk Enterprise Security to be de...

by Splunk Employee in

Unable to export manged lookup csv in Splunk Enterprise Security

I have a custom lookup on my ES search-head. I have added it to manged lookups and it shows up fine in the Content Ma...

by Builder in

How to monitor azure storage data internally.

Have some security issues to connect through public end point from splunk-add-on for microsoft cloud service. I have ...

by New Member in

Need connection data for firewall cleanup

Hi Forum, I am in the process of cleaning up some old rules on our Palo Altos. The custom search function in the fire...

by New Member in

How to exclude CIDR range from Splunk Enterprise Security alert

We have a number of alerts in Splunk ES that are triggered by our external scanner. We want to be able to exclude our...

by Explorer in

splunk time stamp

Hello, When I'm looking at an event, there is a TIME field to the left column and then the actual event has it's o...

by Path Finder in

seckit_idm_windows_identities_nha lookup not populating the priority in Identities

We have the SecKit Windows Assets Add-on for Splunk Enterprise Security and the SecKit SA IDM Common install on our c...

by Path Finder in

To create correlation search

Hi , How to create custom correlation search is ES app. For eg: Traffic to suspicious country

by Builder in

can some one help which CIM model maps to below event

can you see if these events can fit into the Malware data model LogName=Application SourceName=Trend Micro OfficeScan...

by Explorer in

add on builder creates splunk apps that start with what

Hello Team, I am confused about SA , DA or TA as given in doc . "Splunk Enterprise Security The Splunk Enterpr...

by Explorer in

Create New Fields From Another Field with Varying Values

Hello All, Is there a way to create multiple fields from a single field separated by commas? But the number of va...

by New Member in

List of users on Linux and Windows clients, how we can get it?

Hi guys, Nothing comes to mind. How to get a list of users in operating systems using splunk forwarder?

by New Member in

How to remove unwanted data while indexing a CSV file?

I have a CSV file that has some data at the start of the file and in end. Like: ----BEGIN_RESPONSE_BODY_CSV "Date...

by Path Finder in

How can i use the client to exploit ransomware or virus?

How can i use the client to exploit ransomware or virus? in case i need to testing from client PC

by New Member in

How can I monitor network device or server on splunk ? like pingstatus command or something?

Hello everyone, I am a Rookie, I use splunk for linux,I tried running pingstatus command on splunk But I don’t know i...

by Loves-to-Learn Everything in

How does splunk enterprise security asset lookup handle lookups of additional details for incidents with dynamic ip ?

We are current running the seckit for aws asset runs schedully to created aws assets lookup table. Now, for the el...

by Explorer in

Throttling of Notable Use-Cases in Splunk For "OR" Condition

Hi, Would like to find out if there is any option to throttle correlation searches rules for notables for > 1 fiel...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Multisearching

How to create a search that shows if the last seen date was greater than 7 days

Remove Health messages

Locate Missing Software

Forward logs from logz.io to Splunk

Splunk search for double file extension

Adding advanced tags for existing content in Splunk Security Essentials

Question RE: Enterprise Security Compatibility with Add-On for Microsoft Windows

How does Kaspersky Anti Targeted Attack integrates with Splunk?

Unable to export manged lookup csv in Splunk Enterprise Security

How to monitor azure storage data internally.

Need connection data for firewall cleanup

How to exclude CIDR range from Splunk Enterprise Security alert

splunk time stamp

seckit_idm_windows_identities_nha lookup not populating the priority in Identities

To create correlation search

can some one help which CIM model maps to below event

add on builder creates splunk apps that start with what

Create New Fields From Another Field with Varying Values

List of users on Linux and Windows clients, how we can get it?

How to remove unwanted data while indexing a CSV file?

How can i use the client to exploit ransomware or virus?

How can I monitor network device or server on splunk ? like pingstatus command or something?

How does splunk enterprise security asset lookup handle lookups of additional details for incidents with dynamic ip ?

Throttling of Notable Use-Cases in Splunk For "OR" Condition

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...