Explore the Enterprise Security Content Updates app - Splunk
TRANSCRIPT
Explore the Enterprise Security Content Updates app
1. Navigate to the ‘Content Library’ from the navigation bar. This is typically the landing page.
2. Ensure the ‘Analytic Stories Stats’ tab is selected.
3. Review the contents to identify coverage for various security frameworks.
4. Scroll down to view a listing of the Analytic Stories.
5. Select the ‘Search Summary’ tab.
6. Review the various searches and details.
Explore the Analytic Stories
1. Navigate to the ‘Analytic Story Detail’ page from the navigation bar.
2. Select an Analytic Story from the dropdown.
3. Review the various searches that make up the Analytic Story.
3.1. Detection searches, contextual searches, and investigative searches.
Enable and customize a search
1. Go to the Enterprise Security app.
2. Navigate to Configuration -> Content Management.
3. In the ‘App’ dropdown, select DA-ESS-ContentUpdate.
4. In the ‘Type’ dropdown, select Correlation Search.
5. Select the search ‘Clients Connecting to Multiple DNS Servers’.
6. Edit the search to alert when the number of different DNS servers contacted is > 7.
7. Click Save.
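As an added example (not code from the lab or from the ESCU app), the detection logic that step 6 tunes, implemented in Python over constructed DNS events so the ‘> 7’ threshold can be checked outside Splunk: the src/dest field names and the sample addresses are assumptions, and the "exactly 7" client shows why the comparison is strictly greater-than.

```python
# Added example, not code from the Splunk lab or the ESCU app: the detection
# logic behind step 6 ('> 7 different DNS servers'), run over constructed events.
from collections import defaultdict

# Threshold from step 6: alert when the number of *different* DNS servers a
# single client contacted is strictly greater than 7.
DNS_SERVER_THRESHOLD = 7

# Constructed sample events (key=value), loosely modelled on the CIM
# Network_Resolution fields: src = querying client, dest = DNS server queried.
SAMPLE_EVENTS = (
    # 10.0.0.5 queries 8 different servers -> exceeds the threshold
    [f"src=10.0.0.5 dest=192.0.2.{n} query=host{n}.example" for n in range(1, 9)]
    # 10.0.0.6 queries exactly 7 servers -> not flagged ('> 7', not '>= 7')
    + [f"src=10.0.0.6 dest=192.0.2.{n} query=host{n}.example" for n in range(1, 8)]
    # 10.0.0.7 is chatty but only uses the two corporate resolvers -> not flagged
    + [f"src=10.0.0.7 dest=10.0.0.{53 + n % 2} query=host{n}.example" for n in range(20)]
    # a line with no key=value tokens must be skipped, not crash the search
    + ["heartbeat ok"]
)

def parse_event(line):
    """Split a key=value event into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def dns_servers_per_client(events):
    """Map each client (src) to the set of distinct DNS servers (dest) it
    contacted; the same idea as a Splunk 'stats dc(dest) BY src' over DNS data."""
    servers = defaultdict(set)
    for line in events:
        ev = parse_event(line)
        if "src" in ev and "dest" in ev:
            servers[ev["src"]].add(ev["dest"])
    return servers

def clients_over_threshold(events, threshold=DNS_SERVER_THRESHOLD):
    """Return {client: distinct_server_count} for clients strictly above the
    threshold, i.e. the rows the customized correlation search would alert on."""
    return {src: len(dests)
            for src, dests in dns_servers_per_client(events).items()
            if len(dests) > threshold}

if __name__ == "__main__":
    print(clients_over_threshold(SAMPLE_EVENTS))  # {'10.0.0.5': 8}
```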