Splunk® Enterprise Security

Installation and Upgrade Manual


About the Splunk App for Enterprise Security

The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in today's enterprise infrastructure. Through the use of Splunk search correlation and reporting capabilities, Splunk for Enterprise Security provides a top-down and bottom-up view of an organization's security posture.

The app lets security analysts find threats through both the provided correlation searches and custom ones, and investigate and explore the data to uncover unknown threats that do not follow signature-based patterns. Splunk for Enterprise Security customers can capture, monitor, and report on data from enterprise security devices, systems, and applications. As issues are identified, security administrators can investigate and resolve them within the Access Protection, Endpoint Protection, and Network Protection domains.

The Installation and Configuration Manual covers planning, installing, and configuring a Splunk for Enterprise Security deployment. It also describes how to administer, manage, and customize the app after it has been installed. An upgrade section covers how to upgrade from the Splunk App for Enterprise Security 2.x to the latest version of the Splunk App for Enterprise Security.

See the following documents:

  • Release Notes: New and enhanced features, fixed bugs, and known issues
  • User Manual: Using the Splunk App for Enterprise Security
  • Data Source Integration Manual: (For administrators and developers) How to add custom data sources to the Splunk App for Enterprise Security. Includes a list of the source types available out-of-the-box for the Splunk App for Enterprise Security.

Note: The Splunk App for Enterprise Security leverages Splunk search-time normalization techniques, saved searches, and correlation searches to generate notable events (alerts) and provide visibility into security-relevant threats and activity. This manual assumes that you are an advanced Splunk user and that you know how to install, configure, and administer Splunk. For more information about Splunk, see the Splunk Enterprise documentation.

Last modified on 27 March, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1

