Hello everyone, I am trying to enable some basic detections that I found in the SplunkSecurityEssentials app. We do have ES; however, we are still in the process of getting all of our d...
Is it possible to import Splunk Enterprise Security and ESCU use cases into SplunkSecurityEssentials?
I want to be able to leverage the Cyber Kill Chain and Mitre ATT&CK views to measure e...
In the latest SplunkSecurityEssentials 3.4.0, and in previous releases, the Data Inventory detection in CIM+Event Size Introspection starts a query that will never complete due to an unmatched p...
I've downloaded the splunksecurityessential files all onto my laptop, but I can't figure out how to upload them into Splunk Enterprise as an app. What is my next step, and where do I go to do this?
So we rebuilt our SHs by completely blowing them out and starting with a fresh 9.1.01 install. Then, just for kicks, before making a SH Cluster I installed the SplunkSecurityEssentials on o...
Start out with the top error, which pops up in various places on splunksecurityessentials. Then some posts talk about editing what I believe to be the xml to say something about dashboard version 1...
...o fit our environment. On the other hand, for SplunksecurityEssentials, we couldn't figure out where the rules exist and how to modify them. Any ideas how to get the detection rules of SplunkEssentials? Also w...
Are the datasets that are included with SplunkSecurityEssentials updated dynamically or are they static? For example the ransomware_extensions_lookup.csv datasets.
Hi there, I am new to Splunk and have data coming in from just one server. I have tried running the basic brute force detection search, and receive thousands of events. I don't think this is a...
Hi everyone, I'm using SplunkSecurityEssentials and I have a problem with a macro: "get_identity4events(user)". The error in the search is: "Error in 'SearchParser': The search specifies a m...