Why am I not able to access the use cases that are...

hcqismiddleware · ‎05-16-2017

HIi

We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our Team is trying to access the below but not able to even though they have access. Could you please have a look.

Following are the use cases that we need to configure and allow to view:

Network:

1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic

Access:

1) Significant Increase in Interactively Logged on Users
2) New Local Admin Account
3) Short Lived Admin Accounts

Endpoints:

1) Hosts with Varied and Future timestamps

David · ‎03-19-2018

FWIW -- if anyone is still having this issue, please comment here so that I can follow up directly. (Apologies for the delay -- I was not getting notified about new questions for a long time.)

Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>

Why am I not able to access the use cases that are available out of the box in Splunk Security Essentials App?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>