Splunk® Enterprise Security

Installation and Upgrade Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Acrobat logo Download topic as PDF

General settings

Use the Splunk App for Enterprise Security configuration panel to set up your application.

Es app config panel nav 3.0.png

Credential Management

Click Credential Management to view and edit user credentials for data inputs.

Es app config cred mgmt 3.0.png

placeholder screen - to be updated

  • Use the Search field to search for an existing credential.
  • Click Previous or Next to view the existing credentials.

Note: All of the dashboard editing tools are available for this dashboard. Click Edit to modify this dashboard or More Info for information about the dashboard.

Edit an existing credential for an input

To edit an existing credential:

1. Click Edit next to the credential name.

2. Use the editor to change the user name, password, or application for the credential. You cannot change the realm, which will depend on the system using the credential. Create a new credential if you want to have a different realm.

Es credential mgmt edit 3.0.png

3. Click Save when you are done with your changes.

Add a new credential for an input

To add a new credential:

1. Click New Credential to add a new user credential.

2. Use the edit panel to add the username and password for the new credential.

Es create credential.png

3. Select the Application for the credential.

4. Click Save when you are done. The new credential will appear in the Credential Management list.

Navigation

Click Navigation to select and edit the dashboards and domains you want to display in the Splunk App for Enterprise Security. The Navigation editor is used to manage which domains, add-ons, and dashboards are displayed in the Splunk App for Enterprise Security.

Es nav editor 3.0.png

Note: You must have Enterprise Security administrator privileges to modify these settings.

See the new dashboard or view in the Navigation editor and choose where to place it in the navigation menu. Select to items add to an existing menu or create a new menu item. See the list of available dashboards in "Dashboards" in this manual. All dashboards located on the search head should be available in the navigation tool.

Edit the default dashboards

1. You can disable a whole menu or individual items in a menu using the Navigation editor.

  • To disable a domain or dashboard, click the "X" on the main menu panel.
  • To disable a single menu item, select the item (a check mark shows that the item is selected) and then click the "X" next to the item.

2. To rearrange display of the menus, select and drag them into a new order.

3. When you complete your changes, click Save.

Note: Disabling domains or dashboards in the Splunk App for Enterprise Security disables the navigation (and display of that item) only. It does not disable saved searches, which will continue to run in the background.

The unused, disabled, or removed searches are shown in the Unused Reports list on the left of the Navigation editor.

Note: Upgrades will not affect the items added to the menu using the Navigation editor.

Add new dashboards

To add a new dashboard from the list included with the Splunk App for Enterprise security:

1. From the Navigation editor, select the new item from the list of Unused Reports at the left.

2. Drag the selected report into the menu area at the right and place it where you want it to appear in the menus. The existing menu items will shift to make room for the new item.

3. When you complete your changes, click Save.

For the the full list of available reports that can be added to the Splunk App for Enterprise Security using the Navigation editor, see the "Reports" list in this manual.

See the "Search View Matrix' in the Splunk App for Enterprise Security User Manual for more information on dashboards and the searches that provide their content.

Last modified on 27 December, 2013
PREVIOUS
Steps to configure
  NEXT
Key indicators

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters