
• Multiple storage paths
• Accelerated data models
• Data retention
• Bucket sizing
• Use of volume parameters

For detailed examples of configuring indexes, see indexes.conf.example in the Splunk Enterprise Admin Manual.

Indexes by app

You might see additional or fewer indexes, depending on your capabilities and which apps you have installed. The following are non-system indexes.

| App context | Index | Description |
|---|---|---|
| DA-ESS-AccessProtection | gia_summary | Summary index used by the Geographically Improbable Access panel on the Access Anomalies dashboard. |
| DA-ESS-ThreatIntelligence | ioc | Unused in this release. |
| DA-ESS-ThreatIntelligence | threat_activity | Contains events that result from a threat list match. |
| SA-AuditAndDataProtection | audit_summary | Audit and Data Protection summary index. |
| SA-EndpointProtection | endpoint_summary | Endpoint protection summary index. |
| SA-NetworkProtection | whois | WHOIS data index. |
| SA-ThreatIntelligence | notable | Contains the notable events. |
| SA-ThreatIntelligence | notable_summary | Contains a stats summary of notable events used on select dashboards. |
| SA-ThreatIntelligence | risk | Contains the risk modifier events. |
| Splunk_DA-ESS_PCICompliance | pci | If PCI is installed, contains the PCI event data. |
| Splunk_DA-ESS_PCICompliance | pci_posture_summary | If PCI is installed, contains the PCI compliance status history. |
| Splunk_DA-ESS_PCICompliance | pci_summary | If PCI is installed, contains the PCI summary data. |
| Splunk_SA_CIM | cim_summary | Unused in this release. |
| Splunk_SA_CIM | cim_modactions | Contains the adaptive response action events. |
| Splunk_TA_ueba | ubaroute | Does not contain event data. Used behind the scenes for routing to your UBA target. |
| Splunk_TA_ueba | ueba | Contains UBA events. |
| SplunkEnterpriseSecuritySuite | sequenced_events | Contains sequenced event data, after the successful termination of a sequence template. |

Add-ons can include custom indexes defined in an indexes.conf file. See About managing indexes in the Splunk Enterprise Managing Indexers and Clusters of Indexers manual.
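As an added example (not taken from the Splunk documentation or from any shipped add-on), the indexes.conf fragment below shows how an add-on might define a custom index using the settings listed at the top of this page: separate storage paths backed by volumes, a retention period, bucket sizing, and an archive path for frozen buckets. The volume names, file system paths and the index name my_addon_summary are assumptions chosen for illustration.

```ini
# Added example: a custom index for an add-on, defined in the add-on's
# indexes.conf. Volume names, paths and the index name are assumed.

# Volumes let several indexes share one storage pool with a single size
# ceiling; Splunk freezes the oldest buckets when the ceiling is reached.
[volume:hot_fast]
path = /opt/splunk_data/fast
maxVolumeDataSizeMB = 500000

[volume:cold_bulk]
path = /opt/splunk_data/bulk
maxVolumeDataSizeMB = 4000000

[my_addon_summary]
# Multiple storage paths: hot/warm buckets on fast storage, cold buckets
# on bulk storage. thawedPath cannot reference a volume.
homePath   = volume:hot_fast/my_addon_summary/db
coldPath   = volume:cold_bulk/my_addon_summary/colddb
thawedPath = $SPLUNK_DB/my_addon_summary/thaweddb

# Data retention: freeze buckets after 90 days (7776000 seconds) or once
# the index exceeds 200 GB, whichever limit is hit first.
frozenTimePeriodInSecs = 7776000
maxTotalDataSizeMB = 200000

# Bucket sizing: let Splunk choose large buckets for a high-volume index.
maxDataSize = auto_high_volume

# Keep frozen buckets on disk instead of deleting them, so the data can
# be thawed later for an investigation or an audit.
coldToFrozenDir = /opt/splunk_archive/my_addon_summary
```

Check the effective settings after deployment with `splunk btool indexes list my_addon_summary --debug`, which also shows which app each value comes from.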

Index deployment

Splunk Enterprise Security includes a tool to gather the indexes.conf and index-time props.conf and transforms.conf
settings from all enabled apps and add-ons on the search head and assemble them into one add-on. For more details,
see Deploy add-ons included with Splunk Enterprise Security in this manual.
