Use Data Manager to get data into before working with your data. See Release notes for Data Manager
For prescriptive information specific to , see Overview of use case topics in .
For detailed information about administrative possibilities, see the following.
Change threshold values, macro definitions, search filters, and other commonly changed values on the General Settings page. See Configure general settings for Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.
Configure users and roles
uses the access control system integrated with the Splunk platform. The Splunk platform authorization allows you to add users, assign users to roles, and assign those roles custom capabilities to provide granular, role-based access control for your organization. See Configure users and roles in the Splunk Enterprise Security Installation and Upgrade Manual.
Update the Analytic Stories
When new security content is available, admins see a New Content Available dialog box. The dialog box may pop up on any page view. See Update the Analytic Stories.
Work with audit dashboards
Use the audit dashboards to validate the security and integrity of the data in your environment. See Audit dashboards in the Use Splunk Enterprise Security manual.
Work with enrichment
Correlate asset and identity information with events to enrich and provide context to your data. See Add asset and identity data to Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.
Work with risk factors
Enable default risk factors designed for specific conditions to dynamically assign risk scores to risk objects and effectively isolate threats. See Use default risk factors in Splunk Enterprise Security and Create risk factors in Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.
Manage risk in
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0