Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise Security: How to view all the use cases?

danielbb
Motivator
‎08-16-2019 06:55 AM

I go to Configure > Content > Use Case Library.
It shows this nice page but I can't view all the use cases.
Meaning, setting all the filters to All and I still can't see the full listing of the use cases.

alt text

What am I missing? It only shows 3 Analytic Stories.

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lkutch_splunk
Splunk Employee
Splunk Employee
‎08-16-2019 09:44 AM

Hi,
Do you have ES Content Update installed?
"The ESCU analytic story content is available directly in Splunk ES through the use case library. If you do not have ESCU installed, you will see some analytic stories by default as well as a message prompting you to download and install the ESCU add-on for access to common security analytic stories."

https://docs.splunk.com/Documentation/ES/latest/Admin/Usecasecontentlibrary
https://splunkbase.splunk.com/app/3449/

View solution in original post

Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎08-16-2019 11:13 AM

You might also download Splunk Security Essentials app, which also has use case summaries and hooks into ES.

Reply
Solved! Jump to solution
Solution

lkutch_splunk
Splunk Employee
Splunk Employee
‎08-16-2019 09:44 AM

Hi,
Do you have ES Content Update installed?
"The ESCU analytic story content is available directly in Splunk ES through the use case library. If you do not have ESCU installed, you will see some analytic stories by default as well as a message prompting you to download and install the ESCU add-on for access to common security analytic stories."

https://docs.splunk.com/Documentation/ES/latest/Admin/Usecasecontentlibrary
https://splunkbase.splunk.com/app/3449/

Reply
Solved! Jump to solution

danielbb
Motivator
‎09-12-2019 10:34 AM

The ES Content Updates app is installed here. Much appreciated @lkutch_splunk.

0 Karma
Reply
Solved! Jump to solution

danielbb
Motivator
‎08-16-2019 10:20 AM

Got it. I see the three analytic stories but not the message prompting me to download the add-on.

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...