Managing security content in Splunk Enterprise Security
As a Splunk Enterprise Security administrator, you can use the Content Management page to display, create, configure, and edit content that is unique to Splunk Enterprise Security, such as detections, key indicators, saved searches, and swim lane searches.
- Create event-based detections in Splunk Enterprise Security
- Create finding-based detections in Splunk Enterprise Security
- Create and manage key indicator searches in Splunk Enterprise Security
- Create and manage saved searches in Splunk Enterprise Security
- Create and manage search-driven lookups in Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1