×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
cseiler-gmp
New Member
Member since: a week ago
a week ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-11-2026
Topics I've Started
View All

Re: Bulk update ESCU detections

by in Splunk Enterprise Security
a week ago
a week ago
Currently just enabling them via Enterprise Security Content Management UI, not cloning them out unless we have a very specific logic change that would need to be made for our environment. The searches are still knowledge objects owned by ESCU. ... View more

Bulk update ESCU detections

by in Splunk Enterprise Security
a week ago
a week ago
Is there a way to bulk update enabled ESCU detections when a new version with a lot of metadata changes like the MITRE changes in 5.27 are released? (This is with version detection enabled, ES version 8.3.0) ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
a week ago