Share threat data in Splunk Enterprise Security

If you are a Splunk Enterprise Security Hosted Service Offering (cloud) customer with a standard terms contract renewed or created after January 10, 2025 then the following applies. Not applicable for all other customers.

We can respond much faster and more precisely to the evolving threat landscape when our Splunk Enterprise Security customers share their threat data such as data in risk and notable indexes and event data such as security-focused logs with us for enhanced insights and analytics. Shared data from our Splunk Enterprise Security community helps us to provide improved detection capabilities, update threat intelligence, analyze threat trends, and perform more informed testing, improvement and operations of our security offerings.

To protect sensitive data elements or fields such as Personally Identifiable Information (PII), shared threat and event data undergo a transformation to pseudonymize these fields. Moreover, Splunk's use follows a minimization principle, limiting collection to only what is necessary, and data is automatically deleted after 180 days. Customers can view the SOC 2 Report for the Splunk Cloud environment in our [ https://customertrust.splunk.com/ Customer Trust Portal]. At this time, customers are not able to choose specific indexes or events to share; however, there is an opt-out process defined below.

With our updated Splunk General Terms and Splunk Specific Offering Terms for Enterprise Security, you give us instructions to collect and analyze threat and event data in your Splunk Enterprise Security Hosted Service. Our mission with this data sharing program is to develop new analytics and machine learning (ML) models as well as make our security offerings more responsive and predictive to the needs of you and our other customers.

What is the benefit to me?

Following is a list of benefits for participating in Threat Data usage in Splunk Enterprise Security enhancement program: 

• Reduced noise and higher fidelity outcomes: Customers who share their data under this program have the benefit of new analytics and machine learning models in our security offerings tested and tuned against their data. When your data is part of this processing, we expect less false positives and noise, and more reliable outcomes, when those new analytics and models are processing your data in your production environment.

• Early access to new detections: Customers who allow Splunk to process their data might be given early access to new detections based on the insights gained from the shared information and knowledge of how it performs using your data. This can help you to stay ahead of the curve by utilizing the latest security content as quickly as possible.

• Customized security insights: Customer data contributes to tailored analytics and insights into the latest security trends, that can be shared for more relevant and actionable outcomes.

• Transparency and control: Splunk is committed to the transparent handling of data with clear options to manage the data you instruct Splunk to use for these purposes. You can have confidence of knowing how your data is used and retain the ability to withdraw your permission at any time.

How to opt-out of sharing Threat Data

To opt-out of the sharing of your threat and event data that is ingested into Splunk Enterprise Security and used as described above, please submit an email to optoutdatause@splunk.com. For timely processing of your request, be sure the email contains the following information:

• The full name of your company
• Splunk Enterprise Security Cloud customers should include the name of your company's Splunk Enterprise Security stack (the URL of your Cloud deployment)
• The name of your Splunk Sales Representative (if known)