Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there any ES Analytical Story or Usecase for Certificates and Alerts datamodel ?

damode
Motivator
‎01-28-2021 11:48 PM

Looking to find what ES usecases are there that use Certificate and/or Alert datamodels

Labels (1)
Labels
0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎01-29-2021 10:32 AM

In the Use Case Library... you can filter on the data model to see if there's a matching analytic story or use case: https://<splunk:port>/splunk-es/en-US/app/SplunkEnterpriseSecuritySuite/ess_use_case_library  
the filters are Framework Mapping, Data Model, App, In Use, Bookmarked

Docs:  https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Usecasecontentlibrary

0 Karma
Reply

damode
Motivator
‎01-31-2021 04:22 AM

I am aware of that and there are no use cases specific to Certificates and Alerts datamodel. I was wondering if anyone here has developed any use cases for these ?

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎02-01-2021 09:08 AM

It probably depends on which version of the ES Content Updates app you have installed. I have 3.9.1.

I see ColdRoot MacOS RAT Analytic Story & Malware Use Case for Alerts.

I don't see any for Certificates. 

0 Karma
Reply
Get Updates on the Splunk Community!

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Want a chance to win $500 to the Splunk shop? Take our IT Incident Management Survey!

  Top Trends & Best Practices in Incident ManagementSplunk is partnering up with Constellation Research to ...