Splunk Mission Control service details
Splunk Mission Control is an integrated security operations application that lets you triage, investigate, and respond to security incidents from a cloud-based console accessible from Splunk Enterprise Security (Cloud). Data from Splunk Enterprise Security (Cloud) appears in the app as incidents.
Splunk Mission Control regional availability
Splunk Mission Control is currently available in the following regions from the AWS Data Center:
AWS region | Region name | Geographic area |
---|---|---|
us-east-1 | US East | N. Virginia |
us-east-2 | US East | Ohio |
us-west-1 | US West | N. California |
us-west-2 | US West | Oregon |
eu-west-1 | Europe | Dublin |
eu-west-2 | Europe | London |
eu-west-3 | Europe | Paris |
eu-central-1 | Europe | Frankfurt |
ca-central-1 | Canada | Montréal |
ap-southeast-2 | Asia Pacific | Sydney |
ap-northeast-1 | Asia Pacific | Tokyo |
ap-southeast-1 | Asia Pacific | Singapore |
Splunk Mission Control isn't designed or developed for internationalization, so you might experience errors in the Splunk Mission Control interface if you customize your security operations in a non-latin language.
Access Splunk Mission Control
Splunk Mission Control is preinstalled as an app on Splunk Enterprise Security (Cloud) versions 6.6 and higher. Splunk Mission Control is not installed or included for any Splunk SOAR products licensed independent of Splunk Enterprise Security (Cloud), and Splunk Mission Control is not compatible with Splunk Enterprise or Splunk Enterprise Security (Cloud) deployed in a search head cluster environment.
Accessing Splunk Mission Control and included data from integrated services or other compatible products licensed from Splunk might result in added SVC resource consumption. However, use of Splunk Mission Control has no effect on user or seat-based license entitlements. For Splunk Cloud customers who license Splunk Enterprise Security (Cloud) and SOAR (Cloud) directly from Splunk, use of Splunk Mission Control does not affect your Splunk SOAR seats or the licensed number of users allowed to log in to Splunk SOAR (Cloud).
You must also deploy your stack in an available AWS region to access Splunk Mission Control. See Splunk Mission Control regional availability.
Threat Intelligence Management availability
Threat Intelligence Management is accessible from within Splunk Mission Control to provide intelligence support to Splunk Enterprise Security (Cloud) customers.
To access Threat Intelligence Management within Splunk Mission Control, you must be:
- Licensing the generally available commercial (and not preview or limited release) versions of Splunk Mission Control and Splunk Enterprise Security (Cloud) 6.6 or higher
- Residing in one of the following available regions:
AWS region | Geographic area |
---|---|
us-east-1 | N. Virginia |
us-west-2 | Oregon |
ap-sourtheast-2 | Sydney |
ap-northeast-1 | Tokyo |
ap-southeast-1 | Singapore |
ca-central-1 | Montréal |
eu-central-1 | Frankfurt |
eu-west-2 | London |
eu-west-1 | Ireland |
eu-west-3 | Paris |
If you meet the above criteria, Threat Intelligence Management is automatically included with Splunk Enterprise Security (Cloud) and accessible in Splunk Mission Control at no additional cost. See Get started with Threat Intelligence Management in Splunk Mission Control in the Investigate and Respond to Threats in Splunk Mission Control manual.
SOC2 compliance
Splunk Mission Control is SOC 2 compliant, with SOC 2 Type II compliance.
The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customer data. If you require the SOC 2 Type II attestation to review, contact your Splunk sales representative to request it.
Performance
Splunk Mission Control can impact the performance of your Splunk Cloud Platform deployment by up to 2%.
Data storage and retention
Data sent to Splunk Mission Control as incidents from Splunk Enterprise Security (Cloud) is stored for active subscribers in accordance with policy and retention settings. For more information on data storage, retention, and management, see Review Splunk Cloud Platform data policies in the Splunk Cloud Platform Admin Manual.
Service maintenance and updates
Splunk strives to manage and update Splunk Mission Control uniformly, so all customers of Splunk Mission Control receive the most current features and functionality. Accordingly, it is possible Splunk might push updates to the Splunk Mission Control service without prior notice and outside of other official or assigned service maintenance windows. These updates should not impose any downtime, restarts, or other service interruptions. We will endeavor to honor a change freeze request provided the request is less than 30 days in duration. Not all such requests may be accommodated.
Support and resources
If you have any questions about Splunk Mission Control, search or post on Splunk Answers.
This documentation applies to the following versions of Splunk® Mission Control: Current
Feedback submitted, thanks!