Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk Enterprise Security?

Stefanie
Builder
‎12-09-2021 08:19 AM

At my current position, I took over for someone who didn't take care of Splunk & Enterprise Security.

It looked as if it was never configured fully (Just ran through the little beginning wizard and left it).

 

I've gotten familiar with making my way around Enterprise Security. But there are some items that were being detected that aren't anymore! It's only detecting inactive accounts. It used to detect much more before I upgraded Splunk Enterprise Security.

 

After installation, what should be configured? I installed the Security Essentials app and ran through the Data inventory check, it detected some things. How do I tell Enterprise Security to look at those indexes?

I'm guessing I need to configure the CIM app? I don't know what are my next steps.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...