About the Splunk App for Enterprise Security
The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in the enterprise infrastructure by capturing, monitoring, and reporting on data from enterprise security devices, systems, and applications. Through the use of Splunk Enterprise searching and reporting capabilities, the Enterprise Security app provides a top-down and bottom-up view of an organization's security posture.
The Splunk App for Enterprise Security leverages Splunk Enterprise search-time normalization techniques, saved searches, and correlation searches to provide visibility into security-relevant threats and activity and generate notable events for tracking. The Enterprise Security app will assist the security practitioner in investigating and exploring the data to find new or unknown threats that do not follow signature-based patterns.
The Installation and Configuration Manual covers planning, installing, and configuring the Splunk for Enterprise Security deployment. It also covers how to customize the app after installation. The upgrade topic discusses how to update to the latest version of the Splunk App for Enterprise Security.
This manual assumes the reader can install, configure, and administer Splunk Enterprise. If you need training on Splunk Enterprise and the Enterprise Security app, see Education Courses for Enterprise Security Customers for more information.
Other manuals for the Splunk App for Enterprise Security:
- Release Notes: New and enhanced features, known issues, and bug fixes.
- User Manual: Using the Splunk App for Enterprise Security.
- Data Source Integration Manual: How to add custom data sources to the Splunk App for Enterprise Security.
Learn More and how to get help
This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3