The Splunk App for Enterprise Security helps customers identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics enabled security operation.
* Situational awareness dashboards give custom views of risk per domain, asset, or identity
* Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities
* Analysis centers provide indicators of unknown threats from traffic abnormalities
* Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity
* Statistical outlier detection tools aid anomaly detection
* Unified Threat Intelligence from many sources
* Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Detecting today's advanced threats can no longer be done using only rule and signature-based detection tools. It requires a comprehensive approach to security that can only be facilitated by a big data security intelligence platform that makes any data security relevant, scales to terabytes of data per day, and provides comprehensive statistical analysis capabilities to help security investigators find anomalies and outliers.
The Splunk App for Enterprise Security leverages the power Splunk Enterprise to give security professionals a single solution to detect known, threats and analyze massive volumes of data to look for unknown threats in normal user activity. Equally suitable for a small security team or an enterprise security operations center, the app is a primary data interface for the security professional faced with a growing list of threats from malicious insiders and advanced threats.
For more information see the Splunk ES Home Page.
Documentation may be found here: Splunk App for Enterprise Security Documentation