In the Configuration menu, you can include or exclude different sources of content, so that you can customize Splunk Security Essentials. These settings apply globally across Splunk Security Essentials.
To navigate to the Configuration menu from Splunk Security Essentials, select Configuration.
The following table describes the different settings in the Configuration menu:
| Setting | Description |
|---|---|
Enabled Apps / Channels | Toggle the different apps or channels on or off to customize what appears in Splunk Security Essentials. |
Suggested Apps | Splunk Security Essentials leverages the capabilities of several other Splunk apps. Consider adding these to get full value out of the app, and out of the Splunk platform. |
| ES Integration | If you have Splunk Enterprise Security (ES) in your environment, click Update ES to have Splunk Security Essentials push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review dashboard, along with raw searches of index=risk or index=notable. |
Content Mapping | The Bookmarked Content page lists your local saved searches and maps those to either default content in Splunk Security Essentials or to custom content you create. |
Data Inventory | Data Source Categories use standardized searches to find data configured with the tags that are used in the Splunk Common Information Model. |
Scheduled Searches | Enable or disable your scheduled searches. |
Update Content | Select Force Update to manually update the Security Research content in Splunk Security Essentials. Otherwise, this content is automatically updated every 24 hours. |
Demo Environment Setup | Use this setting to apply demo configurations for data inventory, bookmarked content, and custom content. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0