Detect. Prevent. Respond.

Splunk Enterprise Security is a next-generation security intelligence platform that addresses SIEM (Security Information and Event Management) use cases by providing pre-packaged dashboards, reports, incident response workflows, analytics, and correlations to quickly identify, investigate, and respond to internal and external threats. It also provides out-of-the-box support for the most common security data sources including network security, endpoint solutions, malware and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment and adoption.

Splunk Enterprise Security includes:

  • Library of security- and risk-based KPIs and KSIs to use in any combination within dashboards and monitors to streamline security operations
  • Threat Intelligence Framework—aggregate, de-duplicate and operationalize threat feeds from multiple sources including open sources, subscription based, law enforcement, local, and shared from other organizations
  • Supports multiple formats including flat-files and standards-based formats such as STIX and OpenIOC as well as support for multiple transport mechanisms such as TCP and TAXII
  • Incident review dashboards and workflow actions enable users to drill down or pivot on any piece of data to rapidly understand the priority, impact and context of any activity
  • End-to-end visibility with direct access across all data and security domains including user/asset, network, endpoint, access, threat intelligence and wire data technologies
Get Started
  • Fact Sheet Splunk Enterprise Security
  • Demo
    Splunk Enterprise Security
  • Video
    Security Posture Dashboard
  • Video
    Asset Investigator
  • Video
    Threat Lists
Splunk Enterprise Security Free Online Sandbox
cedarcrestone logoManaging Operational Risk for Maximum Reward

"Until we found Splunk, there hasn't been a tool that was flexible enough to allow us to develop our own level of technology to address our unique requirements. We tried a traditional SIEM system and it didn't work for us."

-Dan Frye, Associate Vice President, Corporate Security, CedarCrestone

Read the Case Study

Splunk Enterprise Security

Splunk Enterprise Security runs on top of Splunk® Enterprise to identify and address emerging security threats through the use of monitoring, alerts and analytics.

faster data onboarding icon

Reports, Dashboards and Security Metrics

Leverage a rich set of pre-built dashboards, reports, correlations and security indicators to increase monitoring coverage, improve incident response times, and demonstrate compliance.
easier analytics icon

Security Analytics, Correlation and Response

Optimize security monitoring, prioritization, response, containment and remediation processes by analyzing machine data to understand the impact of alerts or incidents.
proved scalability icon

Risk-Based Analysis

Apply risk scores to any data or correlation to enhance decision-making and align risk posture with the business.
centralized management icon

User Identity and Asset Correlation

Apply user- and asset-based context to all machine data to monitor user and asset activities and to verify privileged access and detect unusual activity.

Threat Intelligence Sources

Threat intelligence sources include free threat-intelligence feeds, third-party subscriptions, law enforcement, FS-ISAC Soltra (via STIX/TAXII), internal and shared data.
faster data onboarding icon

Operationalize Threat Intelligence

Multiple threat intelligence sources can be aggregated, de-duplicated and assigned weights so a wide range of IOCs can be used for all aspects of monitoring, alerting, reporting, investigation and forensic analysis.
easier analytics icon

Detect Unknown and Advanced Threats

Detect unusual activities associated with advanced threats by leveraging statistical analysis, correlation searches, dynamic thresholds, and anomaly detection.

User Activity Monitoring

User activity monitoring can be employed to detect anomalous user activities and high-risk behaviors, as well as stolen credentials by external attackers.

Ask a Security Expert

Joe Goldberg


Expertise: Using Splunk for security, compliance and anti-fraud/theft/abuse use cases. Includes how to use Splunk as a SIEM or to power a SOC.

Contact Us
joe goldberg expert