Explore the Enterprise Security Content Updates app - Splunk

Post on 20-May-2020

Explore the Enterprise Security Content Updates app

1. Navigate to the 'Content Library' from the navigation bar. This is typically the landing page.

2. Ensure the 'Analytic Stories Stats' tab is selected.

3. Review the contents to identify coverage for various security frameworks.

4. Scroll down to view a listing of the Analytic Stories.

5. Select the 'Search Summary' tab.

6. Review the various searches and details.

Explore the Analytic Stories

1. Navigate to the 'Analytic Story Detail' page from the navigation bar.

2. Select an Analytic Story from the dropdown.

3. Review the various searches that make up the Analytic Story.

   3.1. Detection searches, contextual searches, and investigative searches

Enable and customize a search

1. Go to the Enterprise Security app.

2. Navigate to Configuration -> Content Management.

3. In the 'App' dropdown, select DA-ESS-ContentUpdate.

4. In the 'Type' dropdown, select Correlation Search.

5. Select the search 'Clients Connecting to Multiple DNS Servers'.

6. Edit the search to alert when the number of different DNS servers contacted is > 7.

7. Click Save.
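The detection logic behind step 6, as an added example that is not part of the original walkthrough or of the Splunk app's own correlation search: it counts distinct DNS servers per client over constructed sample events and flags clients above the threshold. The field names `src`/`dest` and the sample addresses are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample DNS query events (client src -> DNS server dest); not real data.
# 10.0.0.5 talks to 9 distinct servers (one of them twice), 10.0.0.6 to exactly 7,
# 10.0.0.7 to 2.
SAMPLE_EVENTS = (
    [{"src": "10.0.0.5", "dest": f"192.0.2.{i}"} for i in range(1, 10)]
    + [{"src": "10.0.0.5", "dest": "192.0.2.1"}]          # repeat: must not double count
    + [{"src": "10.0.0.6", "dest": f"192.0.2.{i}"} for i in range(1, 8)]
    + [{"src": "10.0.0.7", "dest": "192.0.2.1"}, {"src": "10.0.0.7", "dest": "192.0.2.2"}]
)

# Threshold from step 6 of the walkthrough: alert when the count is strictly greater than 7.
DNS_SERVER_THRESHOLD = 7


def count_dns_servers(events):
    """Return {src: number of distinct DNS servers contacted}.

    Equivalent to the SPL aggregation `stats dc(dest) AS dns_servers BY src`
    (illustrative SPL, not the app's exact search).
    """
    servers = defaultdict(set)
    for event in events:
        servers[event["src"]].add(event["dest"])
    return {src: len(dests) for src, dests in servers.items()}


def clients_over_threshold(events, threshold=DNS_SERVER_THRESHOLD):
    """Return the sorted list of clients whose distinct-server count exceeds `threshold`.

    Equivalent to appending `| where dns_servers > 7` to the aggregation above.
    A client at exactly the threshold is not flagged, matching the '> 7' wording.
    """
    counts = count_dns_servers(events)
    return sorted(src for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    for src, n in sorted(count_dns_servers(SAMPLE_EVENTS).items()):
        print(f"{src}: {n} distinct DNS servers")
    print("alert:", clients_over_threshold(SAMPLE_EVENTS))
```

Lowering the threshold (for example `clients_over_threshold(SAMPLE_EVENTS, 6)`) shows how much noise a looser setting would generate on the same data, which is the trade-off the customization step asks you to make.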