These use cases walk you through monitoring, investigation, and detection scenarios for security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, and correlation searches, as well as custom searches, to assess and remediate threats in your environment.
The following use cases describe real-world ways to apply Splunk Enterprise Security.
- Using Enterprise Security to find Malware
- Use DNS data to identify malware patient zero
- Investigating potential zero-day activity with Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.1.0