Security

correlation searches

tuts
Path Finder

Peace be upon you. I am now running correlation searches and I do not have data to fully test them. I want to activate them in order to protect the company from any attack. I have MITRE ATT&CK Compliance
Security Content
But I do not know where to start and how to arrange myself
I hope for advice

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @tuts ,

are you speaking of Enterprise Security?

Anyway, if you install the Splunk Security Essentials App (https://splunkbase.splunk.com/app/3435) you have all the available Correlation Searches and for each one there's s test data set that you can use.

Ciao.

Giuseppe

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...