Splunk® Security Essentials


Use the Configuration menu to Customize Splunk Security Essentials

In the Configuration menu, you can include or exclude different sources of content, so that you can customize Splunk Security Essentials. These settings apply globally across Splunk Security Essentials.

To navigate to the Configuration menu from Splunk Security Essentials, select Configuration.

The following table describes the different settings in the Configuration menu:

Setting: Description

Enabled Apps / Channels:
    Toggle the different apps or channels on or off to customize what appears in Splunk Security Essentials.

Suggested Apps:
    Splunk Security Essentials leverages the capabilities of several other Splunk apps. Consider adding these to get full value out of the app, and out of the Splunk platform.

ES Integration:
    If you have Splunk Enterprise Security (ES) in your environment, click Update ES to have Splunk Security Essentials push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review dashboard, along with raw searches of index=risk or index=notable.

Content Mapping:
    The Bookmarked Content page lists your local saved searches and maps them to either default content in Splunk Security Essentials or to custom content you create.

Data Inventory:
    Data Source Categories use standardized searches to find data configured with the tags that are used in the Splunk Common Information Model.

Scheduled Searches:
    Activate or deactivate your scheduled searches.

Update Content:
    Select Force Update to manually update the Security Research content in Splunk Security Essentials. Otherwise, this content is automatically updated every 24 hours.
Last modified on 03 July, 2023

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1

