
Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?

hcqismiddleware
Engager

Hi,

We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our team is trying to access the use cases below but is not able to, even though they have access. Could you please have a look?

Following are the use cases that we need to configure and allow to view:

Network:

1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic

Access:

1) Significant Increase in Interactively Logged on Users
2) New Local Admin Account
3) Short Lived Admin Accounts

Endpoints:

1) Hosts with Varied and Future timestamps

David
Splunk Employee

FWIW -- if anyone is still having this issue, please comment here so that I can follow up directly. (Apologies for the delay -- I was not getting notified about new questions for a long time.)
