About the Splunk App for Enterprise Security
The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in today's enterprise infrastructure. Through the use of Splunk search correlation and reporting capabilities, Splunk for Enterprise Security provides a top-down and bottom-up view of an organization's security posture.
The app allows security analysts to find security threats through both provided and custom correlation searches, and to investigate and explore the data to find unknown threats that do not follow signature-based patterns. Splunk for Enterprise Security customers can capture, monitor, and report on data from enterprise security devices, systems, and applications. As issues are identified, security administrators can investigate and resolve the security threats in Access Protection, Endpoint Protection, and Network Protection.
The Installation and Configuration Manual covers planning, installing, and configuring a Splunk for Enterprise Security deployment. It also describes how to administer, manage, and customize the app after it has been installed. An upgrade section covers how to upgrade from the Splunk App for Enterprise Security 2.x to the latest version of the Splunk App for Enterprise Security.
See the following documents:
- Release Notes: New and enhanced features, fixed bugs, and known issues
- User Manual: Using the Splunk App for Enterprise Security
- Data Source Integration Manual: (For administrators and developers) How to add custom data sources to the Splunk App for Enterprise Security. Includes a list of the source types available out-of-the-box for the Splunk App for Enterprise Security.
Note: The Splunk App for Enterprise Security leverages Splunk search-time normalization techniques, saved searches, and correlation searches to generate notable events (alerts) and provide visibility into security-relevant threats and activity. This manual assumes that you are an advanced Splunk user and that you know how to install, configure, and administer Splunk. For more information about Splunk, see the Splunk Enterprise documentation.
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1