×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
cseiler-gmp
New Member
Member since: ‎05-11-2026
‎05-11-2026
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-11-2026
Activity Feed
View All

Re: Bulk update ESCU detections

by in Splunk Enterprise Security
‎05-11-2026 12:21 PM
‎05-11-2026 12:21 PM
Currently just enabling them via Enterprise Security Content Management UI, not cloning them out unless we have a very specific logic change that would need to be made for our environment. The searches are still knowledge objects owned by ESCU. ... View more

Bulk update ESCU detections

by in Splunk Enterprise Security
‎05-11-2026 12:05 PM
‎05-11-2026 12:05 PM
Is there a way to bulk update enabled ESCU detections when a new version with a lot of metadata changes like the MITRE changes in 5.27 are released? (This is with version detection enabled, ES version 8.3.0) ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-11-2026 11:54 AM