Updating Security Essentials

Introduction

Security Essentials is made up of content from numerous data sources, with the goal of making it easier to find content and deploy it in your environment. Security Essentials automatically checks for new content once every 24 hours. New content can be deployed by clicking on the icon in the Configuration button in the menu bar.

Auto Updated Content

The following sections contain information about what is automatically updated in Security Essentials.

Splunk User Behavior Analytics

Enterprise Security Content Update

Splunk Security Content - Baselines

Splunk Security Content - Deployments

Splunk Security Content - Detections

Splunk Security Content - Lookups

Splunk Security Content - Macros

Splunk Security Content - Tasks

Splunk Security Content - Responses

Splunk Security Content - Stories

Splunk Security Content

MITRE ATT&CK

MITRE Pre-ATT&CK

Custom Content

Note that if you have deployed custom content using the partner framework, there may be additional URLs that are used for updating Security Essentials.