Splunk® Mission Control

Investigate and Respond to Threats in Splunk Mission Control

Splunk admin onboarding checklist for Splunk Mission Control

Splunk Mission Control is an application that allows triage, investigation, and response to security incidents from a cloud-based console integrated with Splunk Enterprise Security (Cloud).

As a Splunk Cloud Platform admin, complete the following steps to get the most out of your Splunk Mission Control experience. See Manage roles and capabilities for users of Splunk Mission Control to compare the available roles.

Number Task Description Documentation
1 Activate Splunk Mission Control To activate Splunk Mission Control, follow these steps:
  1. Select Splunk Mission Control from the Apps menu in Splunk Cloud Platform.
  2. In the welcome dialog that appears, select Enable Mission Control.

Splunk SOAR is available within two hours of activating Splunk Mission Control.

See description.
2 Assign a default SLA A service-level agreement (SLA) in Splunk Mission Control represents a deadline for responding to or remediating an incident. You can use SLAs to prioritize your incident response. You can change the default SLA time for all incidents, and you can apply different SLA times to incidents that meet particular conditions. See Customize SLA settings.
3 Create incident types Create incident types to categorize incidents ingested into and created in Splunk Mission Control by use case or source. Incident types can also be used to associate incidents with other Splunk Mission Control features, such as a certain response template. See Create incident types.
4 Assign and manage user roles Assign analysts roles and capabilities in Splunk Mission Control. See View and assign user roles.
5 Create or manage response templates Standardize the response tasks and phases that analysts perform when investigating and responding to incidents by creating and modifying response templates. See Create response templates to establish guidelines for incident response in Splunk Mission Control to learn how to create response templates and Included response templates in Splunk Mission Control to learn what industry standard response templates are included in Splunk Mission Control.
6 Activate data source integrations for Threat Intelligence Management Set up the Threat Intelligence Management system and activate data source integrations to import threat intelligence data into Splunk Mission Control.

Contact your account representative to verify whether or not your Splunk Mission Control configuration is eligible for Threat Intelligence Management.

See Activate intelligence source integrations from Splunk Mission Control to import threat intelligence data into Threat Intelligence Management.
7 Set up threat intelligence workflows Set up intelligence workflows to gather intelligence from external data sources, pass that data through filters, and then transform the results into a destination data repository that stores the intelligence data.

Contact your account representative to verify whether or not your Splunk Mission Control configuration is eligible for Threat Intelligence Management.

See Set up intelligence workflows in Splunk Mission Control to automate indicator processing.

After you complete these steps, see Get started with Splunk Mission Control to learn how you can start triaging, investigating, and responding to security incidents.

Last modified on 11 March, 2024
  Get started with Splunk Mission Control

This documentation applies to the following versions of Splunk® Mission Control: Current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters