Example Content - Basic Brute Force Detection

There are 120+ detection searches native to Splunk Security Essentials. From any of them, you can click Save Scheduled Search to enable the search. Have Splunk Enterprise Security? Don’t worry – we integrate directly with ES. Click here for an example item.

  1. When looking at Security Content, we’ve tried to provide as much context as possible, so you can understand the impact of an example, see how it works, adapt it to the particulars of your environment, and handle the alerts that it will send afterward.
  2. In the boxes at the top, you can find high-level details, including the ever-important ‘Data Source’ links. The ‘Data Source’ links lead to onboarding documentation for several popular technologies, not just a list of technologies that provide those data sources. There’s also detailed installation documentation that will help you get up and running!
  3. Beneath the boxes there’s other contextual data, including how to implement and respond, as well as other examples and related Splunk capabilities.
  4. The default view shows the types of results you will see from a search. If you want to get more technical, use the “Line-by-Line SPL Documentation” to see the search string or to help implement it.
  5. In SPL mode, you’ll be able to see the prerequisite checks that make sure you have the right data onboarded, get the “Open in Search” buttons, and click “Schedule Saved Search” to save this search right from the app.
  6. One last item for the overview: in the upper right-hand corner is a list of the searches available for each example. Often there’s just a demo and a live version, but some examples might have three or four different versions.
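The page names the Basic Brute Force Detection search but does not reproduce it. The following is an added example, not the app’s own SPL or code: a Python implementation of the heuristic such a basic brute-force search typically encodes (many authentication failures from one source inside a short sliding window, flagged more strongly if a success follows). The event format, field names (`action`, `user`, `src`), the threshold of 5 failures and the 5-minute window are assumptions for illustration; tune them to your own data source.

```python
"""Basic brute-force detection over authentication events (illustrative).

Assumed event format (constructed for this example):
    <ISO-8601 timestamp> action=<failure|success> user=<name> src=<ip>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. 10.0.0.5 hammers one account and then gets in;
# 10.0.0.9 is a single typo; 203.0.113.7 fails slowly (one attempt every
# six minutes), which a 5-minute window deliberately does not flag.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:00:32Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:01:05Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:01:40Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:02:11Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:02:50Z action=failure user=alice src=10.0.0.5",
    "2024-05-01T10:03:30Z action=success user=alice src=10.0.0.5",
    "2024-05-01T10:05:00Z action=failure user=bob src=10.0.0.9",
    "2024-05-01T10:05:20Z action=success user=bob src=10.0.0.9",
    "2024-05-01T10:00:00Z action=failure user=carol src=203.0.113.7",
    "2024-05-01T10:06:00Z action=failure user=carol src=203.0.113.7",
    "2024-05-01T10:12:00Z action=failure user=carol src=203.0.113.7",
    "2024-05-01T10:18:00Z action=failure user=carol src=203.0.113.7",
    "2024-05-01T10:24:00Z action=failure user=carol src=203.0.113.7",
]


def parse_event(line):
    """Split one 'timestamp key=value ...' line into a dict with a parsed _time."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["_time"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source whose densest burst of failures reaches
    `threshold` within `window`. Each finding records the burst size, the
    accounts targeted and whether a success followed the burst (the
    higher-priority case: the guessing may have worked)."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_src[ev["src"]].append(ev)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["_time"])
        failures = [e for e in evs if e["action"] == "failure"]

        # Two-pointer sliding window: for each failure at `end`, move `start`
        # forward until the span [start, end] fits inside the window.
        best_count, best_end, start = 0, None, 0
        for end, ev in enumerate(failures):
            while ev["_time"] - failures[start]["_time"] > window:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count, best_end = count, ev["_time"]

        if best_count >= threshold:
            success_after = any(
                e["action"] == "success" and e["_time"] >= best_end for e in evs
            )
            findings.append({
                "src": src,
                "failures": best_count,
                "users": sorted({e["user"] for e in failures}),
                "success_after": success_after,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_brute_force(SAMPLE_EVENTS):
        print(finding)
```

Widening the window (for example to 30 minutes) also surfaces the slow attempts from 203.0.113.7, which is the trade-off the search's threshold and time range encode: a tighter window produces fewer, more confident alerts, a wider one catches low-and-slow guessing at the cost of more review.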