Splunk® Enterprise Security

Administer Splunk Enterprise Security

Splunk Enterprise Security (ES) versions 6.0.0, 6.0.1, and 6.3.0 are no longer available for download from Splunkbase as of April 15, 2021. Please upgrade to the latest version of Splunk Enterprise Security to avoid any potential issues with Assets and Identity management.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Administering Splunk Enterprise Security

Splunk Enterprise Security administrators are responsible for configuring, maintaining, auditing, and customizing an instance of Splunk Enterprise Security. If you are not administering Splunk Enterprise Security, see Use Splunk Enterprise Security for an introduction to using this app as a security analyst.

Use the links below to learn more about administrative tasks in Splunk Enterprise Security.

Manage and support analyst workflows

To enable and customize the workflows for analysts in your organization, see:

Enrich data for Enterprise Security

Enrich Splunk Enterprise Security with data about the assets and identities in your environment and with additional data about known threats.

Manage and customize configurations

To perform ongoing configuration in Splunk Enterprise Security, see:


You can find additional configuration information in the Install and Upgrade Manual.

Create, manage, and export content

To create new content or manage and customize existing content, see:


To share custom content with other ES instances, see Export content from Splunk Enterprise Security as an app.

Troubleshoot dashboards

Configure users and roles

Configure user roles and capabilities to provide granular, role-based access control for your organization. See Configure users and roles.

Last modified on 22 November, 2021
  Managing Incident Review in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0, 6.6.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters