Splunk® Enterprise Security

Installation and Upgrade Manual

Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Download topic as PDF

About the Splunk App for Enterprise Security

The Splunk App for Enterprise Security provides the security practitioner with visibility into security-relevant threats found in the enterprise infrastructure by capturing, monitoring, and reporting on data from enterprise security devices, systems, and applications. Through the use of Splunk Enterprise searching and reporting capabilities, the Enterprise Security app provides a top-down and bottom-up view of an organization's security posture.

The Splunk App for Enterprise Security leverages Splunk Enterprise search-time normalization techniques, saved searches, and correlation searches to provide visibility into security-relevant threats and activity and generate notable events for tracking. The Enterprise Security app will assist the security practitioner in investigating and exploring the data to find new or unknown threats that do not follow signature-based patterns.

The Installation and Configuration Manual covers planning, installing, and configuring the Splunk for Enterprise Security deployment. It also covers how to customize the app after installation. The upgrade topic discusses how to update to the latest version of the Splunk App for Enterprise Security.

This manual assumes the reader can install, configure, and administer Splunk Enterprise. If you need training on Splunk Enterprise and the Enterprise Security app, see Education Courses for Enterprise Security Customers for more information.

Other manuals for the Splunk App for Enterprise Security:

  • Release Notes: New and enhanced features, known issues, and bug fixes.
  • User Manual: Using the Splunk App for Enterprise Security.
  NEXT
Learn More and how to get help

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters