Overview of Splunk Security Cloud
Monitor, investigate, and respond with Splunk Security Cloud, an integrated portfolio of solutions for security operations teams. Splunk Security Cloud is available in Standard and Plus editions and pricing is based on protective devices. Protective devices refer to the number of devices or virtual machines that are active on one or more of the organization's networks or systems.
You may also use the InfoSec app for Splunk, an entry-level starter app for using Splunk Security, to address the most common security use cases, including continuous monitoring and security investigations. The InfoSec app for Splunk also includes a number of advanced threat detection use cases that may be further expanded using available security resources like the Security Essentials (SSE) app. For more information on the InfoSec app for Splunk, see the following documentation links:
Each of the editions in the Splunk Cloud Security suite corresponds to a specific set of discrete products that currently exist with their own features, capabilities, and limitations. Optionally, you can also add automation as an add-on feature to any of the suites.
|Security Cloud Standard Edition||Gets started with security operations by centralizing all security relevant data, informing basic investigations, and standardizing initial response workflows.|
|Security Cloud Plus Edition||Upgrades the investigation base by leveraging default data models, frameworks, dashboards, and event correlations and providing investigation, analytics, and continuous monitoring capabilities.|
|Add-on Automation||Provides automation, security orchestration, and response capabilities, which reduce alert fatigue and enable security teams to focus on mission-critical tasks and respond to threats faster.|
The Splunk Security Cloud Suite allows you to purchase existing products under a common licensing unit. Therefore, the use cases for the Security Cloud suite are similar to those of the standalone products that are included within it.
For more information on the Enterprise Security use cases, see Enterprise Security use cases.
This documentation applies to the following versions of Splunk® Security Cloud: GA