Splunk Enterprise Security

How does ESCU app exactly maps Analytical Stories against CIS Controls ?


Some context here - When I go to ESCU app and filter down the analytical stories based on CIS control 4, it shows me 6 stories all of which specifically address a certain use case. But I am having trouble understanding how a usecase is relevant to CIS 4 control.

Take for e.g. Spectre And Meltdown Vulnerabilities maps to control 4.

The only relevant  sub-controls under 4 that can be detected using ES I found were:

Log and Alert on Changes to Administrative Group Membership and Log and Alert on Unsuccessful Administrative Account Login.

Can anyone please help understand how is the analytical story relevant to 

0 Karma