Hello Team,
In our environment, we have created use cases in the content management in Splunk ES. We want to know the query to search for the logs if anyone with Admin access made any changes in t...
...here are 2 macros they use. One macro is:
https://github.com/splunk/security_content/blob/develop/macros/security_content_summariesonly.yml
actually how to implement/create this macro please...
I go to Configure > Content > Use Case Library.
It shows this nice page but I can't view all the use cases.
Meaning, setting all the filters to All and I still can't see the full l...
Hi, I am trying to create a daily alert to email the contents of the Security Posture dashboard to a recipient. Can someone please share how I can turn the content of this Dashboard from Splunk E...
I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ESCU), Splunk Security Essentials (SSE), and anything else to MITRE ATT&CK so t...
Splunk Enterprise Content Updates has this Analytic Story: Account Monitoring and Controls. It contains a savedsearch (?) named "ESCU - Detect Excessive Account Lockouts From Endpoint - Rule".
T...
....com/Documentation/ES/5.2.2/Install/ImportCustomApps#Import_add-ons_with_a_different_naming_convention) on how to install Custom Apps, in this case MLTK. The problem is, the same ES User Guide f...
Hello everyone, I am trying to enable some basic detections that I found in the Splunk Security Essentials app. We do have ES; however, we are still in the process of getting all of our d...
I want to list all the 'Authentication' related content we have created in the ES App. Is there any SPL query to get this? Need to list all the dashboards, Notable Events etc. of Authentication t...