Splunk Enterprise Security

Is there any ES Analytical Story or Usecase for Certificates and Alerts datamodel ?

damode
Motivator

Looking to find what ES usecases are there that use Certificate and/or Alert datamodels

Labels (1)
0 Karma

lkutch_splunk
Splunk Employee
Splunk Employee

In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library  
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked

Docs:  https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Usecasecontentlibrary

0 Karma

damode
Motivator

I am aware of that and there are no use cases specific to Certificates and Alerts datamodel. I was wondering if anyone here has developed any use cases for these ?

0 Karma

lkutch_splunk
Splunk Employee
Splunk Employee

It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.

I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.

I don't see any for Certificates. 

0 Karma
Get Updates on the Splunk Community!

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Want a chance to win $500 to the Splunk shop? Take our IT Incident Management Survey!

  Top Trends & Best Practices in Incident ManagementSplunk is partnering up with Constellation Research to ...