Scenarios using Splunk Enterprise Security
These scenarios walk you through monitoring, investigation, and detection scenarios for security incidents using Splunk Enterprise Security. Use the available dashboards, alerts, and correlation searches, as well as custom searches, to assess and remediate threats in your environment.
The following scenarios explain real-world ways you can use Splunk Enterprise Security.
Scenarios to detect malware
- Scenario: Find Malware using Splunk Enterprise Security
- Scenario: Use DNS data to identify malware patient zero
- Scenario: Investigate potential zero-day activity
Scenarios to identify suspicious activity
- Scenario: Find data exfiltration using Splunk Enterprise Security
- Scenario: Monitor privileged accounts for suspicious activity
Additional scenarios using risk-based alerting
You can also refer to the following scenarios, which are based on risk-based alerting, in the Use Splunk Enterprise Security Risk-based Alerting manual:
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0