I had encountered an interesting question from my client/security SME: 1. Which one is better, to have Splunk Security Essentials or to retain Enterprise Security + Content Updates? 2. Where are t...
I am about to upgrade the Security Essentials app (installed on ES) to its most current version, 3.4.0. I read that Security Essentials depends on the ES Content Update app. The question is, do I need t...
Please help me with learning what dependencies the Splunk Security Essentials app (SSE) has on the ES & ES Content Update apps. I have posted this before, but it is still not clear to me. I app...
First of all, sorry for my English.
When the Splunk deployment server (version 6.1.4) updates apps on deployment clients, it also updates excluded files. I've defined the exclusion in serverclass.conf app s...
Hi helpful people,
I am trying to create a use case which will monitor source and destination traffic (i.e. both communicating with each other).
For example, a malicious src connecting with an internal IP'...
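One way to build the use case asked about above (traffic seen in both directions between a pair of hosts, where one side is on a watchlist), as an added example that is not part of the original post or of any Splunk content. It runs over the CIM Network_Traffic data model with the standard ES macros `summariesonly` and `drop_dm_object_name`; the lookup `threat_ips` (fields `ip`, `threat_category`) is an assumed, hypothetical watchlist that you would have to create yourself.

```spl
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime
    from datamodel=Network_Traffic
    by All_Traffic.src All_Traffic.dest
| `drop_dm_object_name(All_Traffic)`
| eval host_a=if(src<dest, src, dest),
       host_b=if(src<dest, dest, src),
       direction=if(src<dest, "a_to_b", "b_to_a")
| stats values(direction) as directions sum(count) as count
        min(firstTime) as firstTime max(lastTime) as lastTime
        by host_a host_b
| where mvcount(directions)=2
| lookup threat_ips ip as host_a OUTPUT threat_category as cat_a
| lookup threat_ips ip as host_b OUTPUT threat_category as cat_b
| where isnotnull(cat_a) OR isnotnull(cat_b)
| eval threat_category=coalesce(cat_a, cat_b)
| convert ctime(firstTime) ctime(lastTime)
| table host_a host_b threat_category directions count firstTime lastTime
```

The `eval` normalises each src/dest pair into an unordered key so that A->B and B->A land in the same `stats` bucket; `mvcount(directions)=2` then keeps only pairs that actually talked in both directions, which is what distinguishes an established two-way session from a one-sided scan or a dropped inbound attempt. Restrict the search with a time range (for example the last 24 hours) before turning it into a correlation search, since an unbounded `tstats` over the whole data model will be slow.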
I found this search in ES Content Updates:
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Network_Traffic where All_Traffic.app=tor AND A...