Splunk Enterprise Security

Splunk Enterprise Security: How to view all the use cases?

danielbb
Motivator

I go to Configure > Content > Use Case Library.
It shows this nice page but I can't view all the use cases.
Meaning, setting all the filters to All and I still can't see the full listing of the use cases.

alt text

What am I missing? It only shows 3 Analytic Stories.

0 Karma
1 Solution

lkutch_splunk
Splunk Employee
Splunk Employee

Hi,
Do you have ES Content Update installed?
"The ESCU analytic story content is available directly in Splunk ES through the use case library. If you do not have ESCU installed, you will see some analytic stories by default as well as a message prompting you to download and install the ESCU add-on for access to common security analytic stories."

https://docs.splunk.com/Documentation/ES/latest/Admin/Usecasecontentlibrary
https://splunkbase.splunk.com/app/3449/

View solution in original post

woodcock
Esteemed Legend

You might also download Splunk Security Essentials app, which also has use case summaries and hooks into ES.

lkutch_splunk
Splunk Employee
Splunk Employee

Hi,
Do you have ES Content Update installed?
"The ESCU analytic story content is available directly in Splunk ES through the use case library. If you do not have ESCU installed, you will see some analytic stories by default as well as a message prompting you to download and install the ESCU add-on for access to common security analytic stories."

https://docs.splunk.com/Documentation/ES/latest/Admin/Usecasecontentlibrary
https://splunkbase.splunk.com/app/3449/

View solution in original post

danielbb
Motivator

The ES Content Updates app is installed here. Much appreciated @lkutch_splunk.

0 Karma

danielbb
Motivator

Got it. I see the three analytic stories but not the message prompting me to download the add-on.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.