Scan your data sources for defined patterns in
With correlation searches enabled, dashboards start to display notable events, risk scores, and other data.
Disable correlation searches
- From the menu bar, select Detections.
  This takes you directly to the Content Management page with the following filters selected:
  - Type filter of Correlation Search
  - App filters for the apps and add-ons specific to Splunk Security Analytics for AWS:
  - Status filter of Enabled
- Review the names and descriptions of the correlation searches to determine which ones to keep enabled to support your security use cases.
  For example, if console logins from new countries are no longer a concern, consider disabling the ESCU - Detect AWS Console Login by User from New Country - Rule correlation search.
- In the Actions column, click Disable to disable the searches that you don't want to use.
Only enable correlation searches that you use. For example, don't enable Untriaged Notable Events in an unattended production environment.
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0