Splunk Enterprise Security

How to configure Splunk Enterprise Security?


At my current position, I took over for someone who didn't take care of Splunk & Enterprise Security.

It looked as if it was never configured fully (Just ran through the little beginning wizard and left it).


I've gotten familiar with making my way around Enterprise Security. But there are some items that were being detected that aren't anymore! It's only detecting inactive accounts. It used to detect much more before I upgraded Splunk Enterprise Security.


After installation, what should be configured? I installed the Security Essentials app and ran through the Data inventory check, it detected some things. How do I tell Enterprise Security to look at those indexes?

I'm guessing I need to configure the CIM app? I don't know what are my next steps.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...