Splunk Enterprise Security

How does ESCU app exactly maps Analytical Stories against CIS Controls ?

damode
Motivator

Some context here - When I go to ESCU app and filter down the analytical stories based on CIS control 4, it shows me 6 stories all of which specifically address a certain use case. But I am having trouble understanding how a usecase is relevant to CIS 4 control.

Take for e.g. Spectre And Meltdown Vulnerabilities maps to control 4.

The only relevant  sub-controls under 4 that can be detected using ES I found were:

Log and Alert on Changes to Administrative Group Membership and Log and Alert on Unsuccessful Administrative Account Login.

Can anyone please help understand how is the analytical story relevant to 

0 Karma
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...