Security Essentials not showing/mapping MITRE & cy...

Splunk Enterprise Security

When using Pplunks security essentials : MITRE ATT&CK Framework we are lacking a significant amount of alerts. we used to have around 1500 in active and 300 ish on needs data; however, overnight drop to the 200 mark total (between active and needs data) . The following troubleshooting steps have been taken

1. updated content with the "force update under system configuration".

2. verify communication to the urls (yes it can connect)

3. uninstall and reinstall current SSE version, this cleared the data mapping upon installed it showed enabled 0-active-0- missing data 1715:

after the weekend it dropped to 0-8-195

4. After i rebuilt the data inventory it looked as such:

Here are some SS of the security content:

1. shows content

2. drop down shows 12 mitre attack platforms but the dropdown is all 0;s

3. Some times the data sources would show a filter of none. with 1300+ items, like the item below 134, and sometimes it just doesnt appear.

4. MITRE map missing from the configuration tags

Get Updates on the Splunk Community!

Security Essentials not showing/mapping MITRE & cyber kill chain

administration

configuration

troubleshooting

using Enterprise Security

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation