I had encountered an interesting question from my client/security SME: 1. Which one is better, to have Splunk Security Essentials or to retain Enterprise Security + Content updates? 2. Where are t...
I have a custom lookup on my ES search head. I have added it to managed lookups and it shows up fine in the Content Management Dashboard. However, when I try to export it as an app, i.e. I select it an...
Hi,
I'm trying to get Cisco ASA firewall logs into the Enterprise Security app. Is there an add-on for that, Splunk for Cisco ASA, or is it only supported in Cisco Security Suite?
Thanks,
Volto
I have installed the Enterprise Security App. I review Security Domain, in particular, Access and Network sections and I see many events coming from my AD, Office 365, and Firewalls. However, ...
I want to create a scheduled search that will track the changes made in content under the Splunk Enterprise Security app. If someone modifies correlation searches I want my query to capture it. Can t...
Just downloaded the latest version of ES Content Update app and noticed the following message: Explore the Analytic Stories included with Splunk Security via ES Use Case Library or ...
Hi,
I am trying to add a tag for my logs to be CIM compliant/use in Email datamodel.
The tag is being applied in the "Search & Reporting" app, however, it is not applied to my other apps e.g. Enterprise...
I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ESCU), Splunk Security Essentials (SSE), and anything else to MITRE ATT&CK so t...