Hello JG,
Do not enable all of them, you only want to enable the ones that fit your security use cases, and the data that you have in Splunk Enterprise Security. For example, if you have endpoint logs and care about malware infections, you can enable the correlation searches that pertain to malware activity detection. You have to understand the data in your system, then make a decision about which correlation searches to enable (and thus which alerts your analysts should see).
See more here: http://docs.splunk.com/Documentation/ES/4.5.0/User/ConfigureCorrelationSearches (this advice mostly applies even if you're not running 4.5.0)
Let me know if you have any questions!
Thanks,
Sarah
... View more