Splunk® Mission Control

Splunk Mission Control Service Description

Splunk Mission Control service details

Splunk Mission Control is an integrated security operations application that lets you triage, investigate, and respond to security incidents from a cloud-based console accessible from Splunk Enterprise Security (Cloud). Data from Splunk Enterprise Security (Cloud) appears in the app as incidents.

Splunk Mission Control regional availability

Splunk Mission Control is currently available in the following regions from the AWS Data Center:

AWS region Region name Geographic area
us-east-1 US East N. Virginia
us-east-2 US East Ohio
us-west-1 US West N. California
us-west-2 US West Oregon
eu-west-1 Europe Dublin
eu-west-2 Europe London
eu-west-3 Europe Paris
eu-central-1 Europe Frankfurt
ca-central-1 Canada Montréal
ap-southeast-2 Asia Pacific Sydney
ap-northeast-1 Asia Pacific Tokyo
ap-southeast-1 Asia Pacific Singapore

Splunk Mission Control isn't designed or developed for internationalization, so you might experience errors in the Splunk Mission Control interface if you customize your security operations in a non-latin language.

Access Splunk Mission Control

Splunk Mission Control is preinstalled at no additional cost as an app on Splunk Enterprise Security (Cloud) versions 6.6 and higher. Splunk Mission Control is not installed or included for any Splunk SOAR products licensed independent of Splunk Enterprise Security (Cloud), and Splunk Mission Control is not compatible with Splunk Enterprise or Splunk Enterprise Security (Cloud) deployed in a search head cluster environment.

Accessing Splunk Mission Control and included data from integrated services or other compatible products licensed from Splunk might result in added SVC resource consumption. However, use of Splunk Mission Control has no effect on user or seat-based license entitlements. For Splunk Cloud customers who license Splunk Enterprise Security (Cloud) and SOAR (Cloud) directly from Splunk, use of Splunk Mission Control does not affect your Splunk SOAR seats or the licensed number of users allowed to log in to Splunk SOAR (Cloud).

You must also deploy your stack in an available AWS region to access Splunk Mission Control. See Splunk Mission Control regional availability.

Access automation functionality with Splunk SOAR (Cloud)

Splunk SOAR (Cloud) provides security orchestration and automation functionality to Splunk Mission Control. With the free Splunk SOAR (Cloud) trial in Splunk Mission Control, you can run unlimited playbooks up to a maximum total of 100 actions per day. If you're a current Splunk SOAR (Cloud) customer, you can't migrate your existing automation data, such as playbooks and assets, into Splunk Mission Control. Instead, to access automation functionality in Splunk Mission Control you must start the Splunk SOAR (Cloud) trial. The trial expires 6 months after you start it, and is not Splunk-supported.

Upon trial expiration, if you choose not to upgrade your license you will lose access to Splunk SOAR features in Splunk Mission Control and will no longer be able to do the following:

  • Run actions
  • Run playbooks
  • Delegate prompts

You might not receive prior notice of downtime for automation actions in Splunk Mission Control when upgrades are made to Splunk SOAR (Cloud).

To continue using Splunk SOAR (Cloud) to automate your incident response and run unlimited actions in Splunk Mission Control after expiration of the 6-month trial, upgrade your Splunk SOAR license. Contact your account manager to request an upgrade or to check which version of Splunk SOAR you are using.

Threat Intelligence Management availability

Threat Intelligence Management is accessible from within Splunk Mission Control to provide intelligence support to Splunk Enterprise Security (Cloud) customers.

To access Threat Intelligence Management within Splunk Mission Control, you must be:

  • Licensing the generally available commercial (and not preview or limited release) versions of Splunk Mission Control and Splunk Enterprise Security (Cloud) 6.6 or higher
  • Residing in one of the following available regions:
AWS region Geographic area
us-east-1 N. Virginia
us-west-2 Oregon
ap-sourtheast-2 Sydney
ap-northeast-1 Tokyo
ap-southeast-1 Singapore
ca-central-1 Montréal
eu-central-1 Frankfurt
eu-west-2 London
eu-west-1 Ireland
eu-west-3 Paris

If you meet the above criteria, Threat Intelligence Management is automatically included with Splunk Enterprise Security (Cloud) and accessible in Splunk Mission Control at no additional cost. See Get started with Threat Intelligence Management in Splunk Mission Control in the Investigate and Respond to Threats in Splunk Mission Control manual.

SOC2 compliance

Splunk Mission Control is SOC 2 compliant, with SOC 2 Type II compliance.

The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customer data. If you require the SOC 2 Type II attestation to review, contact your Splunk sales representative to request it.


Splunk Mission Control can impact the performance of your Splunk Cloud Platform deployment by up to 2%.

Data storage and retention

Data sent to Splunk Mission Control as incidents from Splunk Enterprise Security (Cloud) is stored for active subscribers in accordance with policy and retention settings. For more information on data storage, retention, and management, see Review Splunk Cloud Platform data policies in the Splunk Cloud Platform Admin Manual.

Service maintenance and updates

Splunk strives to manage and update Splunk Mission Control uniformly, so all customers of Splunk Mission Control receive the most current features and functionality. Accordingly, it is possible Splunk might push updates to the Splunk Mission Control service without prior notice and outside of other official or assigned service maintenance windows. These updates should not impose any downtime, restarts, or other service interruptions. We will endeavor to honor a change freeze request provided the request is less than 30 days in duration. Not all such requests may be accommodated.

Support and resources

If you have any questions about Splunk Mission Control, search or post on Splunk Answers.

Last modified on 15 December, 2023

This documentation applies to the following versions of Splunk® Mission Control: Current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters