Just downloaded the latest version of ES Content Update app and noticed the following message: Explore the Analytic Stories included with SplunkSecurity via ES Use Case Library or...
Hi helpful people,
I am trying to create a use case which will monitor source and destination traffic (like both communicating with each other).
For example, malicious src connecting with internal IP'...
Splunk Enterprise Content Updates has this AnalyticStory: Account Monitoring and Controls. It contains a savedsearch (?) named "ESCU - Detect Excessive Account Lockouts From Endpoint - Rule".
T...
I am about to upgrade the Security Essentials App (installed on ES) to its most current version 3.4.0. I read that Security Essentials depends on ES content update App. The question is do I need t...
Is there a REST API endpoint, KVStore or lookup that can be used to add advanced tags to existing content in SplunkSecurity Essentials as opposed to only custom content?
Currently d...
...ethod to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts. When Splunk customers use RBA, they see a 50% to 90% r...