Check for ES Integration
If Splunk Enterprise Security (ES) is installed in your environment, Splunk Security Essentials can push MITRE ATT&CK and Kill Chain attributions to the ES Incident Review dashboard, as well as to raw searches of index=risk or index=notable. To enable this, configure the ES Integration in the system config menu:
- Find the Configuration menu in the navigation.
- Click Update ES and the app will push MITRE and Kill Chain configurations into the ES Incident Review dashboard.