Splunk Enterprise Security

Splunk Security Essentials

venkasplunk
New Member

Hi all,

Just installed the Splunk Security Essentials app and after that did a "Start Searches"; it's been running for a long time.

Is there anything I am missing here?

The data inventory is not showing anything.
No data sources as well.

Please guide me.

0 Karma

zhangcongcong
Loves-to-Learn Lots

I have the same question. Can you share how you solved it, please?

0 Karma

richgalloway
SplunkTrust

Splunk Security Essentials is a "how-to" app rather than a "plug-and-play" app. Think of it like a cookbook that tells you how to bake a cake, but does not actually bake cakes.

Review the SSE use cases and select those that might apply in your environment. Review the SPL and run the samples to see if any data is found. Bear in mind you probably will have to modify the searches as they often use "index=*" or expect sourcetypes you don't have.

---
If this reply helps you, Karma would be appreciated.
0 Karma

venkasplunk
New Member

Thank you so much, and I can relate to that now effectively.

0 Karma