These scenarios walk you through monitoring, investigating, and detecting security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, and correlation searches, as well as custom searches, to assess and remediate threats in your environment.
The following scenarios explain real-world ways you can use Splunk Enterprise Security.
Scenario: Detect malware
- Using Enterprise Security to find Malware
- Use DNS data to identify malware patient zero
- Investigating potential zero-day activity
Scenario: Identify suspicious activity
- Using Enterprise Security to find Data Exfiltration
- Monitor privileged accounts for suspicious activity
Additional scenarios using risk-based alerting
You can also refer to the following scenarios, which are based on risk-based alerting, in the Use Splunk Enterprise Security Risk-based Alerting manual:
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0