Splunk® Mission Control

Set Up and Customize Splunk Mission Control

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

How Splunk Mission Control works with other Splunk software

You can use Splunk Mission Control on its own, or you can use it with other Splunk software to take advantage of analytics content. Take advantage of the data storage and analysis capabilities in existing Splunk software, and send data to Splunk Mission Control so that you can use it as a centralized interface for all of your security data analysis and investigative needs.

Splunk Mission Control and its supporting components

Splunk Mission Control uses Splunk Connect for Mission Control to facilitate data flows and on-premises actions.

This diagram shows the data flows between Splunk Mission Control and Splunk Connect for Mission Control, as well as Splunk ES.

After you install Splunk Connect for Mission Control, you can perform searches against a Splunk Enterprise Security instance, and view the search results in Splunk Mission Control. You can also forward notable and risk data from Splunk Enterprise Security to Splunk Mission Control.

How Splunk Mission Control works with the Splunk platform

Run searches in the Splunk platform from Splunk Mission Control. After you install Splunk Connect for Mission Control, you can securely search your on-premises data from Splunk Mission Control without changing where the data is stored. See Set up Splunk Connect for Mission Control with Splunk Mission Control for more details.

How Splunk Mission Control works with Splunk Enterprise Security

You can send notable events and artifacts from Splunk Enterprise Security to Splunk Mission Control for triage and investigation.

Splunk Connect for Mission Control includes configurations that simplify sending notable events and accompanying data from Splunk ES to Splunk Mission Control. See Get data into Splunk Mission Control.

Terminology differences between Splunk Mission Control and other apps

Splunk Mission Control uses similar concepts as other Splunk security software, but uses some different terms. This table provides guidance for how Splunk Mission Control uses those terms and introduces new ones.

Splunk Mission Control term Splunk Phantom term Splunk Enterprise Security term Splunk UBA term
Notable Event or Container Notable event Threat
Event Artifact or Container Event Anomaly
Artifact Indicator Artifact N/A
Notable investigation N/A Investigation N/A
Response template Workbook or Case Workbook Next steps N/A
Connector App N/A N/A
Connector Configuration Asset N/A N/A
Last modified on 29 April, 2021
PREVIOUS
Supported browsers for Splunk Mission Control
  NEXT
Monitor and audit activities in Splunk Mission Control

This documentation applies to the following versions of Splunk® Mission Control: Current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters