Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Share Threat Data in Splunk Enterprise Security

We can respond much faster and more precisely to the evolving threat landscape when our Splunk Enterprise Security customers share their threat and event data with us for enhanced insights and analytics. Shared data from our Splunk Enterprise Security community helps us to provide improved detection capabilities, update threat intelligence, analyze threat trends, and perform more informed testing, improvement and operations of our security offerings. With our updated Splunk General Terms and Splunk Specific Offering Terms for Enterprise Security, you give us instructions to collect and analyze threat and event data in your Splunk Enterprise Security Hosted Service. Our mission with this data sharing program is to develop new analytics and machine learning (ML) models as well as make our security offerings more responsive and predictive to the needs of you and our other customers.

What is the benefit to me?

Following is a list of benefits for participating in Threat Data usage in Splunk Enterprise Security enhancement program: 

  • Reduced noise and higher fidelity outcomes: Customers who share their data under this program have the benefit of new analytics and ML models in our security offerings tested and tuned against their data. When your data is part of this processing, we expect less false positives and noise, and more reliable outcomes, when those new analytics and models are processing your data in your production environment.
  • Early access to new detections: Customers who allow Splunk to process their data might be given early access to new detections based on the insights gained from the shared information and knowledge of how it performs using your data. This can help you to stay ahead of the curve by utilizing the latest security content as quickly as possible.
  • Customized security insights: Customer data contributes to tailored analytics and insights into the latest security trends, that can be shared for more relevant and actionable outcomes.
  • Transparency and control: Splunk is committed to the transparent handling of data with clear options to manage the data you instruct Splunk to use for these purposes. You can have confidence of knowing how your data is used and retain the ability to withdraw your permission at any time.

How to opt-out of sharing Threat Data

To opt-out of the sharing of your Threat Data that is ingested into Splunk Enterprise Security and use as described above, please submit an email to optoutdatause@splunk.com. For timely processing of your request, be sure the email contains the following information:

  • The full name of your company
  • Splunk Enterprise Security Cloud customers should include the name of your company's Splunk Enterprise Security stack (the URL of your Cloud deployment)
  • The name of your Splunk Sales Representative (if known)
Last modified on 21 October, 2024
Scenario: Monitor privileged accounts for suspicious activity  

This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters