Hi Team,
We are new to Splunk SIEM. We need to create real-time use cases based on the MITRE framework for Linux and Palo Alto log sources in a customer environment. Kindly help on this.
We have already integrated Linux, Palo Alto and SAP log sources. We are just looking to create Linux, Palo Alto and SAP use cases that are based on the MITRE framework, or any attack-pattern use cases, as we don't have that much knowledge to create SPL use cases.
@inventsekar Could you please suggest on this.
Hi @1ueshkil .. I did these use cases a long time back, so I have some confusion now. I am just giving you my educated guesses..
Let us know if you have the Security Essentials App ( https://splunkbase.splunk.com/app/3435 ).
>>> We have already integrated Linux, Palo Alto and SAP log sources.
Nice. Most of the problems are solved. You don't need to worry about the data/logs required for the use case creation. Now you need to focus only on use case creation.
>>> We are just looking to create Linux, Palo Alto and SAP use cases that are based on the MITRE framework, or any attack-pattern use cases, as we don't have that much knowledge to create SPL use cases.
Please select a simple use case to start with. Let's say a DDoS attack on Linux systems. Then we can try to work on the use case creation step by step.
Yes, it was installed.
@inventsekar Could you please suggest? Yes, that app was installed.
Hi @1ueshkil ... we may need more details from you..
Please check this: https://www.splunk.com/en_us/blog/security/using-mitre-att-ck-in-splunk-security-essentials.html
Do you know which use case exactly you are looking for on Linux and Palo Alto?
Hi,
Any kind of real-time attacks: unauthorized attacks, malicious access attempts, command and control traffic, inbound/outbound malicious traffic, port scanning, Palo Alto threat-detected traffic, etc....
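As a concrete starting point for the port-scanning item in the list above, here is an added SPL example (not from this thread, Splunk Security Essentials or the Palo Alto add-on). It assumes Palo Alto traffic logs are indexed with sourcetype `pan:traffic` in an index named `pan`, and that the add-on normalizes the source host, destination host and destination port into the CIM fields `src`, `dest` and `dest_port`; the 5-minute window and the threshold of 50 distinct ports are assumed tuning values.

```spl
index=pan sourcetype="pan:traffic"
| bin _time span=5m
| stats dc(dest_port) AS distinct_ports, dc(dest) AS distinct_hosts, count AS events,
        values(action) AS actions BY _time, src
| where distinct_ports > 50
| eval mitre_technique="T1046 Network Service Discovery",
       scan_type=if(distinct_hosts > 1, "horizontal", "vertical")
| sort - distinct_ports
| table _time, src, distinct_ports, distinct_hosts, events, actions, scan_type, mitre_technique
```

The same `bin` + `stats dc()` + `where` pattern is the skeleton for most of the other items in the list: swap the counted field (failed logins per user for brute force on `linux_secure`, distinct `dest` per `src` for sweeps, `pan:threat` events per `src` for threat-detected traffic) and adjust the threshold after a few days of baselining in the customer environment.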
May we know if you have a working Splunk environment (Splunk indexer(s), Linux UFs already sending logs to the indexer, required apps installed on the SH, etc.)?
If yes, please tell us what exactly you have..
OR
Do you have nothing and want to start from zero..