Configure Splunk Security Essentials
After you install Splunk Security Essentials, complete these tasks to ensure that Splunk Security Essentials works as intended.
Checklist of tasks to configure Splunk Security Essentials
Complete the following tasks in the order they are listed to configure Splunk Security Essentials.
Step number | Task | Description | Documentation |
---|---|---|---|
1 | Map data sources using Data Inventory Introspection. | Map data sources in Splunk Security Essentials using Data Inventory Introspection so that Splunk Security Essentials can assess your available data. | See Configure the products you have in your environment with the Data Inventory dashboard in Use Splunk Security Essentials. |
2 | Run Content Introspection. | Run Content Introspection to find content that you have already created, such as searches or alerts, and either map that content in Splunk Security Essentials or define new content. Content Introspection must also be configured before you can use the MITRE ATT&CK dashboard. | See Track active content in Splunk Security Essentials using Content Introspection in Use Splunk Security Essentials. |
3 | Use the Data Source Check dashboard to verify whether data sources exist for examples. | In Splunk Security Essentials, every example has defined prerequisites to help you know whether a search works in your environment. You can verify whether the data sources exist for examples using the Data Source Check dashboard. | See Check data sources with the Data Source Check dashboard in Use Splunk Security Essentials. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4