Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there any ES Analytical Story or Usecase for Certificates and Alerts datamodel ?

damode
Motivator
‎01-28-2021 11:48 PM

Looking to find what ES usecases are there that use Certificate and/or Alert datamodels

Labels (1)
Labels
0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎01-29-2021 10:32 AM

In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library  
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked

Docs:  https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Usecasecontentlibrary

0 Karma
Reply

damode
Motivator
‎01-31-2021 04:22 AM

I am aware of that and there are no use cases specific to Certificates and Alerts datamodel. I was wondering if anyone here has developed any use cases for these ?

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎02-01-2021 09:08 AM

It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.

I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.

I don't see any for Certificates. 

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...