These use cases walk you through monitoring, investigation, and detection scenarios for security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, correlation searches, as well as custom searches, to assess and remediate threats in your environment.
The following use cases explain real-world ways you can use Splunk Enterprise Security.
- Using Enterprise Security to find Malware
- Use DNS data to identify malware patient zero
- Investigating potential zero-day activity
Identify suspicious activity
- Using Enterprise Security to find Data Exfiltration
- Monitor privileged accounts for suspicious activity
- Isolate threats with risk alerting
- Assign risk scores to assets and identities
- Generate risk notables using correlation searches
- Add annotations to enrich correlation search results
- Classify risk objects based on annotations
- Add a risk message and a risk score to a notable
- Adjust risk scores for specific objects
Reduce alert volume
- Reduce alert volumes by triaging notables
- Add dispositions to risk notables
- Sort notables by disposition
- Investigate risk notables that represent a threat
Isolate user behaviors
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0