All Apps and Add-ons

Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?



We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our Team is trying to access the below but not able to even though they have access. Could you please have a look.

Following are the use cases that we need to configure and allow to view:


1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic


1) Significant Increase in Interactively Logged on Users
2) New Local Admin Account
3) Short Lived Admin Accounts


1) Hosts with Varied and Future timestamps

Splunk Employee
Splunk Employee

FWIW -- if anyone is still having this issue, please comment here so that I can follow up directly. (Apologies for the delay -- I was not getting notified about new questions for a long time.)

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!