Hello everyone, I am trying to enable some basic detections that I found in the SplunkSecurityEssentials app. We do have ES; however, we are still in the process of getting all of our d...
Is it possible to import Splunk Enterprise Security and ESCU use cases into SplunkSecurityEssentials?
I want to be able to leverage the Cyber Kill Chain and Mitre ATT&CK views to measure e...
In the latest SplunkSecurityEssentials 3.4.0, and in previous releases, the Data Inventory detection in CIM+Event Size Introspection starts a query that will never complete due to an unmatched p...
I've downloaded the SplunkSecurityEssentials files all onto my laptop, but I can't figure out how to upload them into Splunk Enterprise as an app. What is my next step and where do I go to do this?
So we rebuilt our SHs by completely blowing them out and started with a fresh 9.1.01 install. Then, just for kicks, before making a SH Cluster I installed the SplunkSecurityEssentials on o...
Starting out with the top error, which pops up in various places on SplunkSecurityEssentials. Then some posts talk about editing what I believe to be the XML to say something about dashboard version 1...
I had encountered an interesting question from my client/security SME. 1. Which one is better: to have SplunkSecurityEssentials or to retain Enterprise Security + Content updates? 2. Where are t...
Are the datasets that are included with SplunkSecurityEssentials updated dynamically or are they static? For example the ransomware_extensions_lookup.csv datasets.
Hi everyone, I'm using SplunkSecurityEssentials and I have a problem with a macro: "get_identity4events(user)". The error in the search is: "Error in 'SearchParser': The search specifies a m...
Hi There, I am new to Splunk and have data coming in from just one server. I have tried running the basic brute force detection search, and receive thousands of events. I don't think this is a...