Splunk® Enterprise Security

Use Splunk Enterprise Security

The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Scenarios using Splunk Enterprise Security

These scenarios walk you through monitoring, investigation, and detection scenarios for security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, correlation searches, as well as custom searches, to assess and remediate threats in your environment.

The following scenarios explain real-world ways you can use Splunk Enterprise Security.

Scenarios to detect malware

Scenarios to identify suspicious activity

Additional scenarios using risk-based alerting

Additionally, you can also refer to the following scenarios that are based on risk-based alerting in the Use Splunk Enterprise Security Risk-based Alerting manual:

Last modified on 02 June, 2023
Viewing data from Splunk UBA in Enterprise Security   Scenario: Find malware using Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters