Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Find content to use in your ransomware defense with the Ransomware Content Browser

Plan your ransomware defense with the Ransomware Content Browser by first viewing a visualization of the lifecycle of a ransomware attack and then using the Ransomware Content List to find content to protect against a ransomware attack. View the Total content by Type table to see what types of content are available for each security phase.

You can navigate to the Ransomware Content Browser in Splunk Security Essentials by navigating to Security Content > Ransomware Content Browser.

Use the Ransomware Content List to find content to use in your ransomware defense

To find content to use in your ransomware defense, follow these steps:

  1. Navigate to the Ransomware Content List.
  2. Change the Content Type from the default of Any to reflect the type of content you are looking for.
  3. Change the Phase from the default of Any to find content related to a specific type of security threat.
  4. Change Critical Control from the default of Any to find content related to a specific type of security control.

The filters populate information about the stage and phase and if available, content appears in the Content in selection area of the page. You can then select the content to start using it in your ransomware defense plan, or if the content is a detection, you can schedule the detection to prevent ransomware on your system.

Last modified on 14 July, 2022
Customize Splunk Security Essentials with the Custom Content dashboard   Find content with the MITRE ATT&CK-Driven Content Recommendation dashboard

This documentation applies to the following versions of Splunk® Security Essentials: 3.6.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters