Splunk® Security Analytics for AWS

User Manual

Administration in Splunk Security Analytics for AWS

Use Data Manager to get data into Splunk Security Analytics for AWS before working with your data. See Release notes for Data Manager.

For prescriptive information specific to Splunk Security Analytics for AWS, see Overview of use case topics.

For detailed information about administrative possibilities, see the following.

General settings

Change threshold values, macro definitions, search filters, and other commonly changed values on the General Settings page. See Configure general settings for Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.

Configure users and roles

Splunk Security Analytics for AWS uses the access control system integrated with the Splunk platform. The Splunk platform authorization allows you to add users, assign users to roles, and assign those roles custom capabilities to provide granular, role-based access control for your organization. See Configure users and roles in the Splunk Enterprise Security Installation and Upgrade Manual.

Update the Analytic Stories

When new security content is available, admins see a New Content Available dialog box. The dialog box may pop up on any page view. See Update the Analytic Stories.

Work with audit dashboards

Use the audit dashboards to validate the security and integrity of the data in your environment. See Audit dashboards in the Use Splunk Enterprise Security manual.

Work with enrichment

Correlate asset and identity information with events to enrich and provide context to your data. See Add asset and identity data to Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.

Work with risk factors

Enable default risk factors designed for specific conditions to dynamically assign risk scores to risk objects and effectively isolate threats. See Use default risk factors in Splunk Enterprise Security and Create risk factors in Splunk Enterprise Security in the Administer Splunk Enterprise Security manual.

Last modified on 22 June, 2021
This documentation applies to the following versions of Splunk® Security Analytics for AWS: 1.0.0

