Splunk Enterprise Security

Is there any ES Analytical Story or Usecase for Certificates and Alerts datamodel ?

damode
Motivator

Looking to find what ES usecases are there that use Certificate and/or Alert datamodels

Labels (1)
0 Karma

lkutch_splunk
Splunk Employee
Splunk Employee

In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library  
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked

Docs:  https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Usecasecontentlibrary

0 Karma

damode
Motivator

I am aware of that and there are no use cases specific to Certificates and Alerts datamodel. I was wondering if anyone here has developed any use cases for these ?

0 Karma

lkutch_splunk
Splunk Employee
Splunk Employee

It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.

I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.

I don't see any for Certificates. 

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...