We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our team is trying to access the use cases below but is not able to, even though they have access. Could you please have a look?
The following are the use cases that we need to configure and allow them to view:
1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic
4) Significant Increase in Interactively Logged on Users
5) New Local Admin Account
6) Short Lived Admin Accounts