Splunk® Enterprise Security

Use Splunk Enterprise Security

About Splunk Enterprise Security

Splunk Enterprise Security version 8.0 and higher provides a comprehensive threat detection, investigation, and response solution, which is key to the security monitoring strategy of today's enterprise infrastructure. Splunk Enterprise Security combines the best features and functionalities of Splunk's Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and threat intelligence management capabilities to identify security threats and respond to them effectively.

The following figure shows the evolution of Splunk's threat detection, investigation, and response solution in Splunk Enterprise Security: [Figure: Evolution of Splunk's threat detection, investigation, and response solution.]

Using Splunk Enterprise Security version 8.0 and higher offers the following benefits:

  • Unified user experience and a seamless integrated workflow for case management, alert triage, investigation, and response
  • Aligned taxonomy with the Open Cybersecurity Schema Framework (OCSF) and industry standards
  • Enhanced detection and turnkey capabilities to implement risk-based alerting that creates high confidence alerts for investigations
  • Alert aggregation capabilities using finding groups that map to pre-determined rules based on common security frameworks and techniques
  • Automation with Splunk SOAR and full access to actions and playbooks

Splunk Enterprise Security is built on the Splunk operational intelligence platform and uses the search and correlation capabilities, allowing users to capture, monitor, and report on data from security devices, systems, and applications. As issues are identified, security analysts can quickly investigate and resolve the security threats across the access, endpoint, and network protection domains.

Access Splunk Enterprise Security

  1. Open a web browser and go to Splunk Web.
  2. Log in with your username and password.
  3. From the Apps list, select Enterprise Security.

Get started with Splunk Enterprise Security

Get started with common analyst workflows in Splunk Enterprise Security.

  • Get an overview of your detections, findings and investigations on the Mission Control page of Splunk Enterprise Security. The analyst queue on the Mission Control page integrates the Incident review page of prior releases of Splunk Enterprise Security and Splunk Mission Control.
  • Get an overview of the dashboards available on the Analytics page of Splunk Enterprise Security and learn how to use them for your use cases.
  • Manage your security content and response plans on the Security content page of Splunk Enterprise Security.
  • Manage your settings for findings and investigations, threat intelligence data, and Splunk SOAR data integrated with Splunk Enterprise Security on the Configure page of Splunk Enterprise Security.
  • Use the Splunk platform search function for Splunk Enterprise Security data on the Search page of Splunk Enterprise Security.

Last modified on 30 August, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0

