All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Security Essentials - Why is a large percentage of content appearing under Any Splunk Logs?

mjuestel2
Path Finder
‎08-23-2022 08:28 AM

I am in the process of mapping our use-cases that we have within Splunk / Enterprise Security to Mitre, and am also trying to organize them a bit.

I'm using Splunk Security Essentials 3.6 and have a question concerning Any Splunk Logs.

On the Content Introspection screen - some of my use-cases are organized into different categories such as AWS, Application Load Balance, Authentication, Anti-virus etc.

However, a large percentage of my content just appears under the Any Splunk Logs heading - how can I change this??

I even went back to the Data Inventory screen... and manually defined some of the indexes and sourcetypes to other categories, but nothing has changed.

 

Help!!

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...