Check for ES Integration

If Splunk Enterprise Security (ES) is installed in your environment, Splunk Security Essentials can push its MITRE ATT&CK and Kill Chain attributions into the ES Incident Review dashboard, and the same attributions become visible in raw searches of index=risk or index=notable. Enable this by configuring the ES Integration from the system Configuration menu.

  1. Open the Configuration menu in the app navigation.
  2. Click Update ES. The app pushes its MITRE ATT&CK and Kill Chain configurations into the ES Incident Review dashboard; open Incident Review afterwards to confirm that notables now carry the attributions.
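As an added check after running Update ES (this search is not part of the original page and is not shipped by Splunk Security Essentials or ES), the following SPL lists which correlation rules produced notables with and without attributions over the last week, so you can spot rules the push did not reach. The annotation field names `annotations.mitre_attack` and `annotations.kill_chain_phases` are assumed here; adjust them to the names your ES version actually writes into notable events.

```spl
index=notable earliest=-7d
| eval mitre = coalesce('annotations.mitre_attack', "none")        /* assumed field name */
| eval kill_chain = coalesce('annotations.kill_chain_phases', "none")  /* assumed field name */
| eval attributed = if(mitre="none" AND kill_chain="none", "missing", "present")
| stats count AS notables,
        values(mitre) AS mitre_techniques,
        values(kill_chain) AS kill_chain_phases
        BY search_name, attributed
| sort attributed, - notables
```

Rows with attributed="missing" are rules whose notables carry neither attribution; rerun Update ES for those and check the rule is one that Security Essentials knows about. The same structure works against index=risk by replacing the index name and grouping on the risk rule field instead of search_name.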