Detect. Prevent. Respond.
The Splunk App for Enterprise Security is a next-generation security intelligence platform that addresses SIEM (Security Information and Event Management) use cases by providing pre-packaged dashboards, reports, incident response workflows, analytics and correlations. It also provides out-of-the-box support for the most common security data sources including network security, endpoint solutions, malware and payload analysis, network and wire data, identity and asset management systems, and threat intelligence to accelerate deployment and adoption.
Splunk App for Enterprise Security includes:
- Library of security- and risk-based KPIs and KSIs to use in any combination within dashboards and monitors to streamline security operations
- Incident review dashboards and workflow actions that enable users to drill down or pivot on any piece of data to rapidly understand the priority, impact and context of any activity
- End-to-end visibility with direct access across all data and security domains including user/asset, network, endpoint, access, threat intelligence and wire data technologies
Splunk App for Enterprise Security
The Splunk App for Enterprise Security runs on top of Splunk® Enterprise to identify and address emerging security threats through the use of monitoring, alerts and analytics.
Security Analytics, Correlation, Workflow and Response
Optimize security monitoring, triage, prioritization, response, containment and remediation processes by analyzing all machine data to quickly understand the relevance, scope and impact of any alert or incident.
Risk-Based Analysis
Apply risk scores to any data or correlation to enhance decision making and align risk posture with the business.
User Identity and Asset Correlation
Apply user- and asset-based context to all machine data to monitor user and asset activities, verify privileged access and detect unusual activity.
Integrated Threat Intelligence
Use threat intelligence from third-party subscriptions, law enforcement, internal and shared sources; it can be aggregated, de-duplicated and assigned weights so it can be used for all aspects of monitoring, reporting and investigation.
Detect Unknown and Advanced Threats
Detect unusual activity associated with advanced and insider threats by leveraging statistical analysis, dynamic thresholds and anomaly detection.
Splunk App for Enterprise Security Tour
Security Posture Dashboard
The security posture dashboard provides continuous monitoring and at-a-glance situational awareness by tracking key security indicators and security metrics across identity, access, network, malware, endpoint and threat intelligence data sources. All aspects of data source, key indicators and visual displays are configurable and customizable to suit any organization's operating procedure. The point-and-click interface provides integrated workflows and actions from the graphical display.
Incident Review
Quickly triage, prioritize and respond to notable events by understanding the priority of any incident and which hosts were involved. Gain contextual insights about the incident and host, and pivot on any incident or host attribute to find additional indicators and related events. Security team members can collaborate and review all activities related to the host and incident in a single location, explore the raw data and view the journal of incident activities.
Asset Investigator
The Asset Investigator allows you to visually correlate activities across disparate technologies. You can adjust timeframes, build a story from the events, and then create searches to detect those events or share the story with a team member.
Threat List
The Threat List dashboard provides direct access to events that correlate to all threat intelligence sources: third-party subscriptions, law enforcement, internal and shared threat intelligence. It provides insights into the trends, activities, users and risks associated with threat intelligence. Use threat intelligence as the starting point for your workflow, or apply it across all aspects of monitoring, reporting and investigation.
Protocol Intelligence
Protocol intelligence provides fast access to wire data and includes dashboards for the most important fields in the most common protocols, as provided by the Splunk App for Stream or by network forensics tools. Pre-built reports that use key fields extracted from wire data simplify profiling to spot unusual activity. Protocol intelligence also applies threat intelligence to email envelopes, DNS queries and responses, and SSL certificates to accelerate detection and incident response.
Risk Scoring Framework
Create risk scores for any activity, asset or identity. Apply risk to trigger, alert, prioritize, triage and investigate a wide variety of use cases, including advanced threat detection, fraud and insider threats.
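The risk-scoring and threat-intelligence weighting described above, as an added illustration that is not Splunk's code: indicators from several feeds are merged and de-duplicated with a per-source weight, each event adds a risk modifier to the asset or identity it involves (multiplied when it touches a known indicator), and entities whose accumulated risk crosses a threshold become notable. Feed names, weights, activity modifiers and events are all constructed sample data, not values from Enterprise Security.

```python
from collections import defaultdict

# Constructed per-source trust weights (assumption: higher = more trusted feed).
FEED_WEIGHT = {"vendor_subscription": 3, "law_enforcement": 5, "internal": 4}

# Constructed risk modifier per activity type, as a correlation search might assign.
ACTIVITY_RISK = {"auth_failure": 2, "privileged_login": 5, "dns_query": 1, "malware_alert": 10}

# Constructed sample feeds; note the same indicator appears twice with different case.
SAMPLE_FEEDS = {
    "vendor_subscription": ["evil.example", "10.0.0.9"],
    "internal": ["EVIL.example"],
    "law_enforcement": ["c2.example"],
}

# Constructed sample events keyed by the asset or identity they involve.
SAMPLE_EVENTS = [
    {"entity": "host-17", "activity": "dns_query", "dest": "evil.example"},
    {"entity": "host-17", "activity": "malware_alert"},
    {"entity": "host-17", "activity": "dns_query", "dest": "EVIL.example"},
    {"entity": "jsmith", "activity": "auth_failure"},
    {"entity": "jsmith", "activity": "privileged_login"},
    {"entity": "host-03", "activity": "dns_query", "dest": "c2.example"},
]

def aggregate_intel(feeds):
    """Merge feeds into {indicator: weight}; normalise case so duplicates collapse,
    and keep the highest source weight when an indicator is seen in several feeds."""
    merged = {}
    for source, indicators in feeds.items():
        weight = FEED_WEIGHT[source]
        for ioc in indicators:
            key = ioc.strip().lower()
            merged[key] = max(weight, merged.get(key, 0))
    return merged

def score_entities(events, intel, threshold=20):
    """Accumulate risk per entity. An event whose destination matches a threat
    indicator is scaled by (1 + indicator weight). Returns (all scores, notables)."""
    risk = defaultdict(int)
    for ev in events:
        base = ACTIVITY_RISK.get(ev["activity"], 0)
        weight = intel.get(ev.get("dest", "").strip().lower(), 0)
        risk[ev["entity"]] += base * (1 + weight)
    notable = {entity: score for entity, score in risk.items() if score >= threshold}
    return dict(risk), notable

if __name__ == "__main__":
    scores, notables = score_entities(SAMPLE_EVENTS, aggregate_intel(SAMPLE_FEEDS))
    print(scores, notables)  # host-17 reaches 20 and becomes notable
```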