I'm looking for some Splunk Enterprise Security tips, maybe in the form of a cheatsheet.
Specific topics of interest:
1. Recommended 'base apps' for ES, e.g.:
2. Some sort of validator for apps/addons for all required sourcetypes, and info on which peer to install them on.
3. And finally, ways to quickly validate logs, e.g.:
I would greatly appreciate your feedback and better ways to validate your ES installation.