Just downloaded the latest version of ES Content Update app and noticed the following message: Explore the AnalyticStories included with Splunk Security via ES Use Case Library or...
...inEventLog:Microsoft-Windows-Sysmon/Operational
while if I use AnalyticStory: Domain Account Discovery With Net App that uses datamodel Endpoint, no events are returned. It seems that e...
Hi fellow Splunkers,
I've stumbled upon a cool piece of code, namely the ASX app that allows you to load configurations from Splunk's security content API and run/schedule analyticstories in the c...
Hi helpful people,
I am trying to create a use case which will monitor source and destination traffic (like both communicating with each other).
For example, malicious src connecting with internal I...