Hi all, I have the SplunkSecurityEssentials app installed and configured. I am trying to understand how the app determines if a rule has data or not, because there are rules that do h...
...imits" , "Exfil over Alternate Protocol" etc.
For example: In SSE, the example "Sources Sending a High Volume of DNS Traffic" mapped to MITRE ATT&CK's DataExfiltration. Splunk reports o...
Hi Team, We are trying to get data onboarded to SplunkSecurityEssentials. We do not have clear visibility into the functioning of the app. I have now onboarded DNS data onto my SplunkIndexer u...
Hello, I would like to create multiple new custom data source categories to use them in a Partner Integration app on SplunkSecurityEssentials. I already read this documentation, then I w...
Our organization has the SplunkSecurityEssentials app and our end goal is to map the data source to the MITRE Framework. The issue is that the live data which was added manually in the datainventory t...
...ehind the ITSI paywall. What I'm wondering (mainly from a security perspective), is if there's equivalent apps that Splunk (or third parties, or even individuals) have developed to visualize n...
Hello everyone, I am trying to enable some basic detections that I found in the SplunkSecurityEssentials app. We do have ES; however, we are still in the process of getting all of our data...
...ookup table 'isWindowsSystemFile_lookup' does not exist or is not available. The isWindowsSystemFile_lookup is provided by SplunkSecurityEssentials. Hmm, I'm on Splunk Cloud. Thanks, K...
I would like to map the SplunkSecurity Content from Enterprise Security (ES), Enterprise Security Content Update (ESCU), SplunkSecurityEssentials (SSE), and anything else to MITRE ATT&CK so t...
...orwarder. I was attempting to make use of a search via SplunkSecurityEssentials and saw the following:
Unfortunately, when trying to find help online or on Splunk Docs, I only saw solutions about c...