Splunk Security Essentials is a free Splunk app that helps you find security procedures that fit your environment, learn how they work, deploy them, and measure your success. Splunk Security Essentials has over 120 correlation searches and is mapped to the Kill Chain and MITRE ATT&CK framework. Within the app, there are detections with line-by-line SPL documentation that show why certain search commands are used and include context such as the security impact, implementation, and response. The app also includes content from Splunk Enterprise Security, Splunk Enterprise Security Content Update, and Splunk User Behavior Analytics.

Use Splunk Security Essentials to perform the following tasks:

- Review available content and the 120 plus detection searches to find the capabilities most relevant to you. See Review your content with the Security Content page in Use Splunk Security Essentials.
- Add custom content. See Customize Splunk Security Essentials with the Custom Content dashboard in Use Splunk Security Essentials.
- Use the Risk-based Alerting Content Recommendation dashboard to see potentially risky events in one place. See Gather events with the Risk-based Alerting dashboard in Use Splunk Security Essentials.
- View the MITRE ATT&CK coverage in your environment. See The MITRE ATT&CK Framework dashboard in Use Splunk Security Essentials.
- View the cyber kill chain coverage in your environment. See The Cyber Kill Chain dashboard in Use Splunk Security Essentials.
- Aggregate risk attributions. See Aggregate risk attributions with the Analyze ES Risk Attributions dashboard in Use Splunk Security Essentials.
- Check if your data is CIM compliant. See Check if your data is CIM-compliant with the Common Information Model Compliance Check dashboard in Use Splunk Security Essentials.

After you install Splunk Security Essentials, complete these tasks to ensure that Splunk Security Essentials works as intended.

Checklist of tasks to configure Splunk Security Essentials

Complete the following tasks in the order they are listed to configure Splunk Security Essentials. These tasks are listed in order in the Set Up menu in Splunk Security Essentials.

1. Map data sources using Data Inventory Introspection. Map data sources in Splunk Security Essentials using Data Inventory Introspection so that Splunk Security Essentials can assess your available data. See Configure the products you have in your environment with the Data Inventory dashboard in Use Splunk Security Essentials.
2. Run Content Introspection to find content that you have already created, such as searches or alerts, and either map that content in Splunk Security Essentials or define new content. Content Introspection also needs to be configured before you can use the MITRE ATT&CK dashboard. See Track active content in Splunk Security Essentials using Content Introspection in Use Splunk Security Essentials.
3. Review or customize app configuration to ensure Splunk Security Essentials is set up correctly. See Customize Splunk Security Essentials in Use Splunk Security Essentials.
4. In Splunk Security Essentials, create security posture dashboards to see overview dashboards of all your security content in Splunk Security Essentials. See Create security posture dashboards in Use Splunk Security Essentials.