Detect. Prevent. Respond.

The Splunk App for Enterprise Security is a next-generation security intelligence platform that addresses SIEM (Security Information and Event Management) use cases by providing pre-packaged dashboards, reports, incident response workflows, analytics and correlations. It also provides out-of-the-box support for the most common security data sources including network security, endpoint solutions, malware and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment and adoption.

Splunk App for Enterprise Security includes:

  • Library of security- and risk-based KPIs and KSIs to use in any combination within dashboards and monitors to streamline security operations
  • Incident review dashboards and workflow actions that enable users to drill down or pivot on any piece of data to rapidly understand the priority, impact and context of any activity
  • End-to-end visibility with direct access across all data and security domains including user/asset, network, endpoint, access, threat intelligence and wire data technologies


Splunk® Named a Leader - 2014 Gartner Magic Quadrant

Learn how Splunk security analytics delivers beyond traditional SIEMs.

Managing Operational Risk for Maximum Reward

"Until we found Splunk, there hasn't been a tool that was flexible enough to allow us to develop our own level of technology to address our unique requirements. We tried a traditional SIEM system and it didn't work for us."

-Dan Frye, Associate Vice President, Corporate Security, CedarCrestone


Splunk App for Enterprise Security

The Splunk App for Enterprise Security runs on top of Splunk® Enterprise to identify and address emerging security threats through the use of monitoring, alerts and analytics.


Reports, Dashboards and Security Metrics

Leverage a rich set of pre-built dashboards, reports, correlations and security indicators to increase monitoring coverage and improve incident response times.

Security Analytics, Correlation, Workflow and Response

Optimize security monitoring, triage, prioritization, response, containment and remediation processes by analyzing all machine data to quickly understand the relevance, scope and impact of any alert or incident.

Risk-Based Analysis

Apply risk scores to any data or correlation to enhance decision making and align risk posture with the business.

User Identity and Asset Correlation

Apply user- and asset-based context to all machine data to monitor user and asset activity, verify privileged access and detect unusual activity.

Integrated Threat Intelligence

Use threat intelligence from third-party subscriptions, law enforcement, and internal and shared sources. Feeds can be aggregated, de-duplicated and assigned weights so they can be used for all aspects of monitoring, reporting and investigation.

Detect Unknown and Advanced Threats

Detect unusual activity associated with advanced and insider threats by leveraging statistical analysis, dynamic thresholds and anomaly detection.

Ask a Security Expert

Joe Goldberg


Expertise: Using Splunk software for security use cases including incident investigation/handling, forensics, fraud and SIEM.
