Splunk App for Enterprise Security

Splunk App for Enterprise Security helps identify and address emerging security threats through continuous monitoring, alerting, and analytics. Suitable for small teams and enterprise SOCs, ES is the best data interface for security analytics operations.

* Situational awareness dashboards give custom views of risk by domain, asset, or identity
* Incident Review provides analysis workflows that reveal the priority of an incident, incident context, and impact on assets and identities
* Analysis centers provide indicators of unknown threats from traffic abnormalities
* Correlation tools monitor for new attackers by correlating new domain registration with web activity
* Statistical outliers and risk scores aid anomaly detection
* User Activity Monitoring provides visibility into activities for rapid investigation and resolution
* Unified Threat Intelligence from many sources including TAXII feeds with support for STIX and OpenIOC
* Accepts NetFlow, logs, RDBMS, & more

This app requires a paid license to use.

Release Notes

Detecting today's advanced threats can no longer be done using only rule and signature-based detection tools. It requires a comprehensive approach to security that can only be facilitated by a big data security intelligence platform that makes any data security relevant, scales to terabytes of data per day, and provides comprehensive statistical analysis capabilities to help security investigators find anomalies and outliers.

The Splunk App for Enterprise Security leverages the power Splunk Enterprise to give security professionals a single solution to detect known, threats and analyze massive volumes of data to look for unknown threats in normal user activity. Equally suitable for a small security team or an enterprise security operations center, the app is a primary data interface for the security professional faced with a growing list of threats from malicious insiders and advanced threats.

For more information see the Splunk ES Home Page.

Documentation may be found here: Splunk App for Enterprise Security Documentation


55 ratings

Version 3.3.2

Splunk Supported

Built by Splunk Inc