Splunk Cloud Platform

Federated Search

Federated Analytics and Splunk Enterprise Security

After you set up your Federated Analytics federated provider, you can combine your capability to search remote and natively ingested Amazon Security Lake datasets with the powerful threat detection and threat hunting features of Splunk Enterprise Security.

Use Federated Analytics with Splunk Enterprise Security to gain the following benefits:

  • Unified visibility into your security operations center (SOC): Apply high-frequency detections and alerts to the Amazon Security Lake data that you ingest into your data lake indexes, while also running ad-hoc threat hunting federated searches over archives of older security data in its native ASL storage environment.
  • Clever resource management: Fetch and analyze precisely the security data that you need to review from Amazon Security Lake and your data lake indexes on your Splunk Cloud Platform deployment, optimizing your Splunk Enterprise Security computational resources and focusing your efforts on high-value activities.
  • Proactive incident tracking and resolution: Empower your organization to proactively detect, investigate, and respond to threats across all of your security data, wherever it is stored.

Configure Splunk Enterprise Security for Federated Analytics

Before Splunk Enterprise Security can take advantage of the benefits of Federated Analytics, you must follow a few steps to ensure that Splunk Enterprise Security and Federated Analytics can properly work together.

The instructions for facilitating the interface between Federated Analytics and Splunk Enterprise Security differ depending on the version of Splunk Enterprise Security you are using.

Last modified on 18 November, 2024
Run Federated Analytics searches   sdselect command overview

This documentation applies to the following versions of Splunk Cloud Platform: 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters