Configure Splunk Security Essentials
After you install Splunk Security Essentials, complete these tasks to ensure that Splunk Security Essentials works as intended. These tasks are listed in order in the Set Up menu in Splunk Security Essentials.
Checklist of tasks to configure Splunk Security Essentials
Complete the following tasks in the order they are listed to configure Splunk Security Essentials.
Step number | Task | Description | Documentation |
---|---|---|---|
1 | Map data sources using Data Inventory Introspection. | Map data sources in Splunk Security Essentials using Data Inventory Introspection so that Splunk Security Essentials can assess your available data. | See Configure the products you have in your environment with the Data Inventory dashboard in Use Splunk Security Essentials. |
2 | Run Content Mapping. | Run Content Mapping to find content that you have already created, such as searches or alerts, and either map that content in Splunk Security Essentials or define new content. Content Mapping must also be configured before you can use the MITRE ATT&CK dashboard. | See Track active content in Splunk Security Essentials using Content Mapping in Use Splunk Security Essentials. |
3 | Review the App Configuration. | Review or customize the app configuration to ensure Splunk Security Essentials is set up correctly. | See Customize Splunk Security Essentials in Use Splunk Security Essentials. |
4 (Optional) | Create Posture Dashboards. | In Splunk Security Essentials, create security posture dashboards to get an overview of all your security content. | See Create security Posture Dashboards in Use Splunk Security Essentials. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1