Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there any ES Analytical Story or Usecase for Certificates and Alerts datamodel ?

damode
Motivator
‎01-28-2021 11:48 PM

Looking to find what ES usecases are there that use Certificate and/or Alert datamodels

Labels (1)
Labels
0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎01-29-2021 10:32 AM

In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library  
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked

Docs:  https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Usecasecontentlibrary

0 Karma
Reply

damode
Motivator
‎01-31-2021 04:22 AM

I am aware of that and there are no use cases specific to Certificates and Alerts datamodel. I was wondering if anyone here has developed any use cases for these ?

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎02-01-2021 09:08 AM

It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.

I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.

I don't see any for Certificates. 

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...