In the Configuration menu, you can include or exclude different sources of content to customize Splunk Security Essentials. These settings apply globally across Splunk Security Essentials.
To navigate to the Configuration menu from Splunk Security Essentials, select Configuration.
The following table describes the different settings in the Configuration menu:
Setting | Description |
---|---|
Enabled Apps / Channels | Toggle the different apps or channels on or off to customize what appears in Splunk Security Essentials. |
Suggested Apps | Splunk Security Essentials leverages the capabilities of several other Splunk apps. Consider adding these to get full value out of the app, and out of the Splunk platform. |
ES Integration | If you have Splunk Enterprise Security (ES) in your environment, click Update ES to have Splunk Security Essentials push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review dashboard, along with raw searches of index=risk or index=notable. |
Content Mapping | The Bookmarked Content page lists your local saved searches and maps those to either default content in Splunk Security Essentials or to custom content you create. |
Data Inventory | Data Source Categories use standardized searches to find data configured with the tags that are used in the Splunk Common Information Model. |
Scheduled Searches | Activate or deactivate your scheduled searches. |
Update Content | Select Force Update to manually update the Security Research content in Splunk Security Essentials. Otherwise, this content is automatically updated every 24 hours. |
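The Data Inventory setting relies on the Splunk Common Information Model (CIM) tags being present on your data. The following search is an added example, not one of the searches that Splunk Security Essentials itself runs, that you can paste into the Search bar to check the same thing by hand for one category. It assumes the Authentication data model tag (tag=authentication) and a 24-hour window; substitute the tag for the category you care about (for example tag=network, tag=web, or tag=malware).

```spl
tag=authentication earliest=-24h
| stats count AS event_count
        min(_time) AS first_seen
        max(_time) AS last_seen
        BY index sourcetype
| eval first_seen=strftime(first_seen, "%F %T"),
       last_seen=strftime(last_seen, "%F %T")
| sort - event_count
```

Each result row is one index/sourcetype pair that carries the tag, with its event count and the time span of the tagged data. If the search returns no rows, nothing in the window is tagged for that category, which is the condition under which Data Inventory reports the category as missing; the usual causes are a missing CIM-compliant add-on for that sourcetype, or an index outside your role's default search indexes, so add index=<name> to the first line before concluding the data is absent.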
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1