About Splunk Security Essentials
Splunk Security Essentials is a free Splunk app that helps you find security procedures that fit your environment, learn how they work, deploy them, and measure your success. The app ships with over 120 correlation searches, each mapped to the Cyber Kill Chain and to the MITRE ATT&CK framework. Every detection comes with line-by-line SPL documentation that explains why particular search commands are used, together with context on the security impact, the implementation, and the response. The app also includes content from Splunk Enterprise Security, the Splunk Enterprise Security Content Update, and Splunk User Behavior Analytics.
Use Splunk Security Essentials to perform the following tasks:
- Review the available content, including the more than 120 detection searches, to find the capabilities most relevant to you. See Review your content with the Security Content page in Use Splunk Security Essentials.
- Add custom content. See Customize Splunk Security Essentials with the Custom Content dashboard in Use Splunk Security Essentials.
- Use the Risk-based Alerting Content Recommendation dashboard to see potentially risky events in one place. See Gather events with the Risk-based Alerting dashboard in Use Splunk Security Essentials.
- View the MITRE ATT&CK coverage in your environment. See The MITRE ATT&CK Framework dashboard in Use Splunk Security Essentials.
- View the Cyber Kill Chain coverage in your environment. See The Cyber Kill Chain dashboard in Use Splunk Security Essentials.
- Aggregate risk attributions. See Aggregate risk attributions with the Analyze ES Risk Attributions dashboard in Use Splunk Security Essentials.
- Check whether your data is CIM-compliant. See Check if your data is CIM-compliant with the Common Information Model Compliance Check dashboard in Use Splunk Security Essentials.
- Track active content. See Track active content in Splunk Security Essentials using Content Mapping in Use Splunk Security Essentials.
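As an added illustration of what the Common Information Model Compliance Check dashboard measures, the following search is not part of Splunk Security Essentials or of this page; it is example SPL that reports, per sourcetype, how often events in the CIM Authentication data model populate the fields that authentication detections depend on. The data model name and the fields action, user, src and dest are standard CIM Authentication fields; the 24-hour window and the 95% threshold are assumptions chosen for this example.

```spl
| tstats summariesonly=false count AS events
    count(Authentication.action) AS has_action
    count(Authentication.user) AS has_user
    count(Authentication.src) AS has_src
    count(Authentication.dest) AS has_dest
    FROM datamodel=Authentication
    WHERE earliest=-24h
    BY sourcetype
| eval pct_action=round(100*has_action/events, 1)
| eval pct_user=round(100*has_user/events, 1)
| eval pct_src=round(100*has_src/events, 1)
| eval pct_dest=round(100*has_dest/events, 1)
| eval missing=if(pct_action<95, "action ", "").if(pct_user<95, "user ", "").if(pct_src<95, "src ", "").if(pct_dest<95, "dest ", "")
| eval cim_status=if(missing=="", "compliant", "gaps: ".trim(missing))
| table sourcetype events pct_action pct_user pct_src pct_dest cim_status
| sort - events
```

The tstats call counts, for each sourcetype, the events that carry each required field, and the eval lines turn those counts into a fill percentage and a pass/fail summary. summariesonly=false is deliberate so that sourcetypes that are tagged for the data model but not yet accelerated still appear. A sourcetype that is absent from the result altogether is not tagged into the Authentication data model at all, which is a tagging or eventtype problem in the add-on rather than a field-extraction gap, and a sourcetype that shows low percentages for src or dest usually points at a missing field alias in the add-on's props.conf.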
Related resources for Splunk Security Essentials
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1