Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Find content with the MITRE ATT&CK-Driven Content Recommendation dashboard

Use MITRE ATT&CK to filter for the Splunk content related to MITRE ATT&CK techniques that are associated with many different threat groups.

Prerequisites

Configure the Data Inventory dashboard and Content Introspection. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Introspection.

Steps

  1. In Splunk Security Essentials, navigate to Security Content > MITRE ATT&CK-Driven Content Recommendation.
  2. In the Categories filter, click the issue category you're concerned with.
  3. (Optional) Adjust the filters for data availability and popularity.

A list of content recommendations appears based on your filters.

Last modified on 14 September, 2021
Find content to use in your ransomware defense with the Ransomware Content Browser   Gather events with the Risk-based Alerting dashboard

This documentation applies to the following versions of Splunk® Security Essentials: 3.4.0, 3.5.0, 3.5.1, 3.6.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters