...internal" sourcetype=*content_management* But I am not getting any useful data with this query. Please kindly help me with where all the logs are stored for content management (use cases) in Enterprise Security...
I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ESCU), Splunk Security Essentials (SSE), and anything else to MITRE ATT&CK so t...
Hi All..
As you may be aware of Splunk's Security Content.. for example, for Linux user creation https://research.splunk.com/endpoint/51fbcaf2-6259-11ec-b0f3-acde48001122/ on this, t...
I want to list all the 'Authentication' related content we have created in the ES App. Is there any SPL query to get this? Need to list all the dashboards, Notable Events etc... of Authentication t...
We just recently upgraded to the latest version of ES 4.7.2 from 4.5.2. However, after upgrading, the Content Management page doesn't yield any results (see screenshot).
It stays in the "Retrieving s...
I had encountered an interesting question from my client/security SME. 1. Which one is better: to have Splunk Security Essentials or to retain Enterprise Security + Content updates? 2. Where are t...
Hi,
We recently deployed ES Version 4.5.0 via Deployer to the Search Head Cluster. While testing on a stand-alone server, we can see the correlations being loaded under Configure -> Content M...
...hreatIntelligence/correlation_searches/get_searches' was not found.' with 'Page not found!' for security reasons"
This happens when I want to open the "Content Management" Page in the Security Enterprise Security...