Splunk® Enterprise Security

Use Cases

Splunk Enterprise Security (ES) versions 6.0.0, 6.0.1, and 6.3.0 are no longer available for download from Splunkbase as of April 15, 2021. Please upgrade to the latest version of Splunk Enterprise Security to avoid any potential issues with Assets and Identity management.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Overview

These use cases walk you through monitoring, investigation, and detection scenarios for security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, correlation searches, as well as custom searches, to assess and remediate threats in your environment.

The following use cases explain real-world ways you can use Splunk Enterprise Security.

Detect malware

Identify suspicious activity

Last modified on 26 May, 2021
  Using Enterprise Security to find Malware

This documentation applies to the following versions of Splunk® Enterprise Security: 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters