Hello everyone, I am trying to enable some basic detections that I found from the Splunk Security Essentials app. We do have ES; however, we are still in the process of getting all of our d...
...internal" sourcetype=*content_management* But I am not getting any useful data with this query. Please kindly help me with where all logs are stored for content management (use cases) in Enterprise security...
I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ESCU), Splunk Security Essentials (SSE), and anything else to MITRE ATT&CK so t...
Hi All..
As you may be aware of Splunk's Security Content.. for example, for Linux user creation https://research.splunk.com/endpoint/51fbcaf2-6259-11ec-b0f3-acde48001122/ on this, t...
I want to list all the 'Authentication' related content we have created in the ES App. Is there any SPL query to get this? Need to list all the dashboards, Notable Events etc... of Authentication t...
We just recently upgraded to the latest version of ES 4.7.2 from 4.5.2. However, after upgrading, the page content management doesn't yield any results (see screenshot).
It stays in the "Retrieving s...
Hi everyone,
I have Splunk App for Enterprise Security, and I want to integrate it with Active Directory. I already have a dynamic lookup with assets from AD, but I want to detect security e...