Splunk® Security Essentials

Use Splunk Security Essentials



This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Use the Configuration menu to customize Splunk Security Essentials

In the Configuration menu, you can include or exclude different sources of content, so that you can customize Splunk Security Essentials. These settings apply globally across Splunk Security Essentials.

To navigate to the Configuration menu from Splunk Security Essentials, select Configuration.

The following table describes the different settings in the Configuration menu:

| Setting | Description |
| --- | --- |
| Enabled Apps / Channels | Toggle the different apps or channels on or off to customize what appears in Splunk Security Essentials. |
| Suggested Apps | Splunk Security Essentials leverages the capabilities of several other Splunk apps. Consider adding these to get full value out of the app, and out of the Splunk platform. |
| ES Integration | If you have Splunk Enterprise Security (ES) in your environment, click Update ES to have Splunk Security Essentials push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review dashboard, along with raw searches of index=risk or index=notable. |
| Content Mapping | The Bookmarked Content page lists your local saved searches and maps those to either default content in Splunk Security Essentials or to custom content you create. |
| Data Inventory | Data Source Categories use standardized searches to find data configured with the tags that are used in the Splunk Common Information Model. |
| Scheduled Searches | Enable or disable your scheduled searches. |
| Update Content | Select Force Update to manually update the Security Research content in Splunk Security Essentials. Otherwise, this content is automatically updated every 24 hours. |

Last modified on 08 May, 2023

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.0

