Splunk® Security Essentials

Use Splunk Security Essentials

Filtering procedures by security maturity in Splunk Security Essentials

Splunk Security Essentials offers default procedures for a variety of security use cases and for every stage of the security journey. The procedures provide a way to start ingesting your data into Splunk Enterprise and monitoring useful metrics within your environment. For more information on available procedures, see Review your content with the Security Content page.

Security maturity journey stages

There are six stages of security maturity. Go to Data > Security Data Journey to see the journey stages and to filter the procedures available at each stage. The following table describes the six stages:

Stage Description
1. Collection Collect basic security logs and other machine data from your environment.
2. Normalization Apply a standard security taxonomy and add asset and identity data.
3. Expansion Collect additional high fidelity data sources like endpoint activity and network metadata to drive advanced attack detection.
4. Enrichment Augment security data with intelligence sources to better understand the context and impact of an event.
5. Automation and Orchestration Establish a consistent and repeatable security operation capability.
6. Advanced Detection Apply sophisticated detection mechanisms, including machine learning.
Last modified on 20 January, 2023
Related resources for Splunk Security Essentials   Search in Splunk Security Essentials

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters