Hello, I've been trying this app Splunk Security Essentials on a test instance of Splunk and I have difficulty setting content/use-case as "active". My main goal is to have a representation of all my existing production alerts on Mitre Att&ck matrice. I created use-cases in "Custom Content" and enabled exiting ones. On the "Manage Bookmarks" page I have few use-cases, all "Successfully Implemented", but when on the Mitre Overview page none is active, all content have "needs data" status : I'm sorry if I'm missing something obvious and thank you in advance for your support. Kind regards.
... View more