
Splunk Security Essentials: Why is my team unable to access the use cases that are available out of the box?

hcqismiddleware
Engager

Hi,

We explored the Splunk Security Essentials app and the use cases that are available out of the box. Our team is trying to access the use cases below but is not able to, even though they have access. Could you please have a look?

Following are the use cases that we need to configure and allow to view:

Network:

1) Source IPs Communicating with Far More Hosts Than Normal
2) Sources Sending Many DNS Requests
3) Sources Sending a High Volume of DNS Traffic

Access:

1) Significant Increase in Interactively Logged on Users
2) New Local Admin Account
3) Short Lived Admin Accounts

Endpoints:

1) Hosts with Varied and Future timestamps

David
Splunk Employee

Apologies for the delay on this -- apparently I'm not getting notifications about answers anymore.

I'm not sure why you would not be able to access the use cases, and I've never heard reports of this issue before. Can you share an error message, or a screenshot? Have you tried an alternative browser?

Again, sorry for the delay!

0 Karma