Splunk® Security Essentials

Install and Configure Splunk Security Essentials



This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Configure Splunk Security Essentials

After you install Splunk Security Essentials, complete these tasks to ensure that Splunk Security Essentials works as intended. These tasks are listed in order in the Set Up menu in Splunk Security Essentials.

Checklist of tasks to configure Splunk Security Essentials

Complete the following tasks in the order they are listed to configure Splunk Security Essentials.

| Step number | Task | Description | Documentation |
|---|---|---|---|
| 1 | Map data sources using Data Inventory Introspection. | Map data sources in Splunk Security Essentials using Data Inventory Introspection so that Splunk Security Essentials can assess your available data. | See Configure the products you have in your environment with the Data Inventory dashboard in Use Splunk Security Essentials. |
| 2 | Run Content Introspection. | Run Content Introspection to find content that you have already created, such as searches or alerts, and either map that content in Splunk Security Essentials or define new content. Content Introspection also needs to be configured before you can use the MITRE ATT&CK dashboard. | See Track active content in Splunk Security Essentials using Content Introspection in Use Splunk Security Essentials. |
| 3 | Review the App Configuration. | Review or customize app configuration to ensure Splunk Security Essentials is set up correctly. | See Customize Splunk Security Essentials in Use Splunk Security Essentials. |
| 4 | (Optional) Create Posture Dashboards. | In Splunk Security Essentials, create security posture dashboards to see overview dashboards of all your security content in Splunk Security Essentials. | See Create security posture dashboards in Use Splunk Security Essentials. |

Last modified on 11 October, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.4.0, 3.5.0, 3.5.1, 3.6.0

