Installation and Configuration Manual


About the Splunk App for Enterprise Security

About the Splunk App for Enterprise Security

The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in the enterprise infrastructure by capturing, monitoring, and reporting on data from enterprise security devices, systems, and applications. Through the use of Splunk Enterprise searching and reporting capabilities, the Enterprise Security app provides a top-down and bottom-up view of an organization's security posture.

The Splunk App for Enterprise Security leverages Splunk Enterprise search-time normalization techniques, saved searches, and correlation searches to provide visibility into security-relevant threats and activity and generate notable events for tracking. The Enterprise Security app will assist the security practitioner in investigating and exploring the data to find new or unknown threats that do not follow signature-based patterns.

The Installation and Configuration Manual covers planning, installing, and configuring the Splunk for Enterprise Security deployment. It also covers how to customize the app after installation. The upgrade topic discusses how to update to the latest version of the Splunk App for Enterprise Security.

This manual assumes the reader can install, configure, and administer Splunk Enterprise. If you need training on Splunk Enterprise and the Enterprise Security app, see Education Courses for Enterprise Security Customers for more information.

Other manuals for the Splunk App for Enterprise Security:

  • Release Notes: New and enhanced features, known issues, and bug fixes.
  • User Manual: Using the Splunk App for Enterprise Security.

This documentation applies to the following versions of ES: 3.1 , 3.1.1 , 3.2 , 3.2.1 , 3.2.2 , 3.3.0 , 3.3.1 View the Article History for its revisions.

You must be logged into in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!