Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to generate a report based on utilisation of Enterprise Security

cYcJo7
Engager
‎01-18-2024 03:15 AM

Hello,

 

is it possible to analyse the utilisation of enterprise security, I assume it is currently not used in our company, but I would like to be able to prove this in statistics

 

Thanks

Pad

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎01-18-2024 04:45 AM

Again - there are several different approaches you can have about "using ES" but what I'd do to get a rough idea if the solution is indeed being used:

1. Check if it's configured - are there correlation searches defined, are there user/asset mappings defined/synchronised, are sources decently onboarded (CIM-compliant)

2. Does anyone actually open ES app views in webui (you should be able to find it in internal logs).

3. What is the status of your notables and investigations - do you see any traces of anyone working on them?

4. What is the version of your ESCU app? How long ago it's been updated?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

cYcJo7
Engager
‎01-19-2024 12:39 AM

Thank you very much, that has helped me.

Have a good one

0 Karma
Reply
Solved! Jump to solution

cYcJo7
Engager
‎01-18-2024 03:34 AM

Thank you for your quick reply, I would like to know if Enterprise security is used at all in our company. So is it used 1-2 times a year or has it only been used 10 times in the last 3 months?

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-18-2024 03:29 AM

#define <utilisation> please

0 Karma
Reply
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎01-18-2024 04:45 AM

Again - there are several different approaches you can have about "using ES" but what I'd do to get a rough idea if the solution is indeed being used:

1. Check if it's configured - are there correlation searches defined, are there user/asset mappings defined/synchronised, are sources decently onboarded (CIM-compliant)

2. Does anyone actually open ES app views in webui (you should be able to find it in internal logs).

3. What is the status of your notables and investigations - do you see any traces of anyone working on them?

4. What is the version of your ESCU app? How long ago it's been updated?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...