Splunk Enterprise Security

New Security Domain

shrutheen
Explorer

I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Right now "Threat", "Network", "Identity" are among a few that are available. Is there a way to achieve this ?

0 Karma
1 Solution

skalliger
SplunkTrust
SplunkTrust

Hi,

yes, you can modify the lookup that is responsible for the available Security Domains (which is also the name of the lookup). Take a look here for an overview of the internal ES lookups: https://docs.splunk.com/Documentation/ES/5.3.1/Admin/Manageinternallookups

Skalli

View solution in original post

skalliger
SplunkTrust
SplunkTrust

Hi,

yes, you can modify the lookup that is responsible for the available Security Domains (which is also the name of the lookup). Take a look here for an overview of the internal ES lookups: https://docs.splunk.com/Documentation/ES/5.3.1/Admin/Manageinternallookups

Skalli

Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...