Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Gather events with the Risk-based Alerting dashboard

The Risk-based Alerting Content Recommendation dashboard gathers possibly risky events together for analysts to view in one place.

Prerequisites

Configure the Data Inventory dashboard and Content Introspection. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Introspection.

Steps

  1. In Splunk Security Essentials, navigate to Security Content > Risk-based Alerting Content Recommendation.
  2. Select a category to see how many pieces of content you have already deployed and how many are available with your existing data.
  3. (Optional) Use the Apps filter to further filter on where you want the content recommendation to come from.

With one or more categories selected, the dashboard shows all of the content that you can use. Click through to any item to enable it, bookmark it, or take other actions.

Last modified on 05 January, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0

