do we have to create splunk usecase based on mitre...

Jana42855 · ‎09-24-2023

Hi All,

greetings for the day!

my manager asked me to create the usecase but I am new to splunk and know the basics of splunk.
1. so please guide me where to start and end to create the usecase.
2. is there any community for creating the usecasae.

Thanks,
Jana.P

Jana42855 · ‎09-25-2023

Hi VatsalJagani,

Thanks for the update.
it will be useful for the user who has admin access.
I am working in a organization and having only user access.
Could u please help me at my level how can i ;earn the usecase and where to start manually...

Thanks,

VatsalJagani · ‎09-25-2023

@Jana42855 - The document that I shared also contains the Splunk queries, which you may not be able to run on its own without installing the App as it will contain macros. But you will be able to run with some modifications.

Plus here is a GitHub repo for the same, which you can use to fetch more info about the use cases https://github.com/splunk/security_content

I would say pick one use case from the list (https://research.splunk.com/detections ) that you understand by looking at the name and spending time on it and you get all the generic concepts of implementing all security use cases.

I hope this helps!!!

VatsalJagani · ‎09-24-2023

@Jana42855 - Your work done. Use Content Update App from Splunkbase - https://splunkbase.splunk.com/app/3449

You can read about use cases inside the App from here - https://research.splunk.com/detections/

I hope this helps!!! Kindly upvote if it does!!!

do we have to create splunk usecase based on mitre attack

using Splunk Enterprise

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector