Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk Enterprise Security?

Stefanie
Builder
‎12-09-2021 08:19 AM

At my current position, I took over for someone who didn't take care of Splunk & Enterprise Security.

It looked as if it was never configured fully (Just ran through the little beginning wizard and left it).

 

I've gotten familiar with making my way around Enterprise Security. But there are some items that were being detected that aren't anymore! It's only detecting inactive accounts. It used to detect much more before I upgraded Splunk Enterprise Security.

 

After installation, what should be configured? I installed the Security Essentials app and ran through the Data inventory check, it detected some things. How do I tell Enterprise Security to look at those indexes?

I'm guessing I need to configure the CIM app? I don't know what are my next steps.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...