Why am I not able to access the use cases that are...

hcqismiddleware · ‎05-16-2017

HIi

We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our Team is trying to access the below but not able to even though they have access. Could you please have a look.

Following are the use cases that we need to configure and allow to view:

Network:

1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic

Access:

1) Significant Increase in Interactively Logged on Users
2) New Local Admin Account
3) Short Lived Admin Accounts

Endpoints:

1) Hosts with Varied and Future timestamps

David · ‎03-19-2018

FWIW -- if anyone is still having this issue, please comment here so that I can follow up directly. (Apologies for the delay -- I was not getting notified about new questions for a long time.)

Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Are you a member of the Splunk Community?

Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?

Enhance Your Splunk App Development: New Tools & Support

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code