Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of ES.

Overview

The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in today's enterprise infrastructure. Through the use of Splunk's unique and powerful search correlation and reporting capabilities, Enterprise Security provides a top-down and bottom-up view of an organization's security posture. The Splunk App for Enterprise Security is built on the Splunk Operational Intelligence platform and leverages Splunk's native search and correlation capabilities, allowing Enterprise Security customers to capture, monitor, and report on data from enterprise security devices, systems, and applications. As issues are identified, security administrators can quickly investigate and resolve the security threats in the areas of Access Protection, Endpoint Protection, and Network Protection.

This guide is intended for security analysts and security investigators who use Enterprise Security to monitor and investigate security problems within an enterprise environment. For additional information see the following documents:

  • Installation and Configuration Manual: This manual for administrators describes how to plan your Splunk Enterprise Security deployment and install and configure the Splunk App for Enterprise Security.
  • Data Source Integration Manual: This manual for administrators and developers describes how to add custom data sources to the Splunk App for Enterprise Security. It includes step-by-step instructions and a list of out-of-the-box source types supported by the Splunk App for Enterprise Security.


Access the Splunk App for Enterprise Security

After the Enterprise Security search head has been set up, access the app as follows:

1. Open a web browser and navigate to Splunk Web:
   https://splunkserver:8000
   Note: the Splunk App for Enterprise Security automatically enables SSL.

2. Enter your Splunk username and password.

3. Click on Splunk Home and click the Enterprise Security app. You will see the Splunk App for Enterprise Security Home page.

From this dashboard:


This documentation applies to the following versions of Splunk® Enterprise Security: 3.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3

