ES Content Updates

Nurcan
New Member

How can we see the rules we developed in the ES Content Updates area? How can we define them in the product so that they can be seen on this screen, categorized according to the Cyber Kill Chain and MITRE ATT&CK Framework?

0 Karma

efika
Communicator

Hi @Nurcan

You will have to wrap the rules you have developed inside an Analytic Story for them to be displayed in ESCU.

Go to Configure -> Content Management -> Create New Content and choose Analytic Story.

The mapping to the Cyber Kill Chain and MITRE ATT&CK Framework will be derived from the annotations you created for the Correlation Search.

0 Karma
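
One way to check custom rules against the two requirements in the reply above (membership in an Analytic Story, plus Kill Chain and MITRE ATT&CK annotations on the Correlation Search). This is an added example, not part of the thread and not Splunk's own code. The stanzas are constructed, and the key names (`action.correlationsearch.annotations` in savedsearches.conf, `searches` under an `analytic_story://` stanza in analyticstories.conf) are assumptions based on the layout ESCU ships, so confirm them against your ES version.

```python
import configparser
import json

# Constructed sample configs (not from the thread). Assumed layout: annotations
# are a JSON object under action.correlationsearch.annotations, and a story
# lists its member searches as a JSON array under "searches".
SAVEDSEARCHES = """\
[Custom - Suspicious Service Install - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.annotations = {"kill_chain_phases": ["Installation"], "mitre_attack": ["T1543.003"]}

[Custom - Odd Logon Hours - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.annotations = {"nist": ["DE.CM"]}
"""

ANALYTICSTORIES = """\
[analytic_story://Custom Persistence Story]
searches = ["Custom - Suspicious Service Install - Rule", "Custom - Missing Search - Rule"]
"""

REQUIRED = ("kill_chain_phases", "mitre_attack")

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return cp

def audit(savedsearches_text, stories_text):
    """Return (name, problem) pairs for gaps in story membership or annotations."""
    searches, stories = _parse(savedsearches_text), _parse(stories_text)
    in_story = {}
    for stanza in stories.sections():
        for name in json.loads(stories[stanza].get("searches", "[]")):
            in_story.setdefault(name, stanza)
    findings = []
    for name in searches.sections():
        if searches[name].get("action.correlationsearch.enabled") != "1":
            continue  # not a correlation search, nothing to map
        if name not in in_story:
            findings.append((name, "not referenced by any analytic story"))
        notes = json.loads(searches[name].get("action.correlationsearch.annotations", "{}"))
        for key in REQUIRED:
            if not notes.get(key):
                findings.append((name, "no " + key + " annotation"))
    for name, stanza in in_story.items():
        if not searches.has_section(name):
            findings.append((stanza, "references unknown search: " + name))
    return findings
```

Calling `audit(SAVEDSEARCHES, ANALYTICSTORIES)` on the sample flags the second rule three times and the story's dangling search reference once.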