Splunk® Enterprise Security

Use Splunk Enterprise Security Risk-based Alerting

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, so some links may return redirect errors. For documentation on version 8.0, see the Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Additional resources

Use the following resources for more information on Splunk Enterprise Security and risk-based alerting:

Splunk RBA community

The Splunk RBA Community developed by Outpost Security is amazing and full of very active members who are supportive of new users. You can sign up for the RBA Community Slack channel to ask questions on risk-based alerting, identify best practices, and interact with the community of users. See the RBA community Slack channel.

Additionally, you can search for solutions or ask questions on Splunk Answers, connect with helpful and fun Splunk enthusiasts through chat groups, or meet users in your local area at User Groups near you. The Community portal has everything you need to discover how to set yourself up for success with the Splunk Community.

Splunk Enterprise Security documentation

Splunk Enterprise Security has a wide range of documentation, including tutorials, scenarios, and manuals for administrators, developers, and users.

See Splunk Enterprise Security Documentation site.

The essential guide to risk-based alerting

See The essential guide to risk-based alerting. This 58-page guide takes you on a step-by-step maturity journey to a successful RBA implementation with high-level explanation and hands-on examples.

Quick references

For more information on deployment planning, installation, upgrade, and configuration, see the product documentation:

To learn more about normalizing ingested data with the Common Information Model (CIM) add-on so that alerting is easier and more consistent, see:

Overview of the Splunk Common Information Model

Other miscellaneous resources on security

Review the following resources for .conf presentations, blogs, use cases, videos, and tutorials on security and RBA:

Send us feedback

At the bottom of every page of Splunk documentation is a quick form that you can use to send us feedback.

Last modified on 22 June, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2
