About Splunk Enterprise Security
Splunk Enterprise Security provides the security practitioner with visibility into security-relevant threats found in today's enterprise infrastructure. Splunk Enterprise Security is built on the Splunk operational intelligence platform and uses the search and correlation capabilities, allowing users to capture, monitor, and report on data from security devices, systems, and applications. As issues are identified, security analysts can quickly investigate and resolve the security threats across the access, endpoint, and network protection domains.
Access Splunk Enterprise Security
- Open a web browser and navigate to Splunk Web.
- Log in with your username and password.
- From the Apps list, click Enterprise Security.
Get started with common analyst workflows in Splunk Enterprise Security.
- See Introduction to the dashboards available in Splunk Enterprise Security for an overview of the dashboards available and how to use them for your use cases.
- See Overview of Incident Review in Splunk Enterprise Security to learn how to work with notable events.
- See Investigations in Splunk Enterprise Security for an introduction to tracking your work in an investigation.
- See Use Analytic Stories for actionable guidance in Splunk Enterprise Security for using the use case library to help with detecting, analyzing, and addressing security threats.
- See Analyze risk in Splunk Enterprise Security to learn how Splunk Enterprise Security assigns risk to objects.
If you are a Splunk Enterprise Security administrator, see Administer Splunk Enterprise Security to access documentation specific to your administrator workflows.
Overview of Incident Review in
This documentation applies to the following versions of Splunk® Enterprise Security: 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only