Details
You've got the best security platform, now power it with the best security searches in the world. The CorrelationX service includes access to our entire catalog of 400+ security searches as well as access to the innovative new searches created by our industry-leading research team.
Splunk Enterprise Security is supported but is not required. The app ties into your CorrelationX subscription, allowing for one-click integration of security content into your Splunk Enterprise or Enterprise Security.
INSTALL INSTRUCTIONS
1. Download the app.
2. Log in to your Splunk instance.
3. Click the 'Manage Apps' gear icon located above your installed apps.
4. Click 'Install app from file'.
5. Click the 'Browse' button and select the CorrelationX App install file that you downloaded.
6. If you already have the CorrelationX App installed, check the 'Upgrade app' button. Otherwise, leave this unchecked.
7. Click the 'Upload' button.
8. You will be required to restart Splunk. Once Splunk has been restarted you may enjoy your new app!
9. We highly recommend installing the CorrelationX data models and CIM optimizations to enable more content.
-Fixed an issue in which some ES searches were being saved with an Owner value of System.
-Fixed a bug where in some instances ES searches were being set with an Owner value of System.
-Enhanced the automated data model field mappings and field alias creations
-General performance improvements
-Enhancements to the automatic data model field pairing process
-Performance improvements
New features:
-Integration with Enterprise Security and notable event framework
-Expanded content support for CIM and custom CorrelationX data models
-Dashboard with overview of Kill Chain compliance, installed searches and data model compliance
-Streamlined configuration of knowledge objects to improve data model coverage
-Customizable deployment options for CorrelationX knowledge objects
-Ability to customize SPL before saving a search