How Splunk Mission Control works with other Splunk software
You can use Splunk Mission Control on its own, or you can use it with other Splunk software to take advantage of analytics content. Take advantage of the data storage and analysis capabilities in existing Splunk software, and send data to Splunk Mission Control so that you can use it as a centralized interface for all of your security data analysis and investigative needs.
Splunk Mission Control and its supporting components
Splunk Mission Control uses Splunk Connect for Mission Control to facilitate data flows and on-premises actions.
After you install Splunk Connect for Mission Control, you can perform searches against a Splunk Enterprise Security instance, and view the search results in Splunk Mission Control. You can also forward notable and risk data from Splunk Enterprise Security to Splunk Mission Control.
How Splunk Mission Control works with the Splunk platform
Run searches in the Splunk platform from Splunk Mission Control. After you install Splunk Connect for Mission Control, you can securely search your on-premises data from Splunk Mission Control without changing where the data is stored. See Set up Splunk Connect for Mission Control with Splunk Mission Control for more details.
How Splunk Mission Control works with Splunk Enterprise Security
You can send notable events and artifacts from Splunk Enterprise Security to Splunk Mission Control for triage and investigation.
Splunk Connect for Mission Control includes configurations that simplify sending notable events and accompanying data from Splunk ES to Splunk Mission Control. See Get data into Splunk Mission Control.
Terminology differences between Splunk Mission Control and other apps
Splunk Mission Control uses similar concepts as other Splunk security software, but uses some different terms. This table provides guidance for how Splunk Mission Control uses those terms and introduces new ones.
|Splunk Mission Control term||Splunk Phantom term||Splunk Enterprise Security term||Splunk UBA term|
|Notable||Event or Container||Notable event||Threat|
|Event||Artifact or Container||Event||Anomaly|
|Response template||Workbook or Case Workbook||Next steps||N/A|
Supported browsers for Splunk Mission Control
Monitor and audit activities in Splunk Mission Control
This documentation applies to the following versions of Splunk® Mission Control: Current