Splunk App for Enterprise Security

Analytics-Driven Security and Continuous Monitoring for Modern Security Threats

The modern enterprise requires security technologies that can adapt to a dynamic threat landscape, evolving adversary tactics, advanced threats and changing business demands. To meet these new requirements, security teams need to have advanced analytics capabilities to rapidly implement new threat detection techniques.

Splunk App for Enterprise Security

The Splunk App for Enterprise Security runs on top of Splunk Enterprise to identify and address these emerging security threats through the use of monitoring, alerts and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the security professional faced with a growing list of challenges.

Out-of-the-box features include:

  • Automated Correlation Searches for cross data-type correlations that give the user an understanding of evolving threat scenarios in real time
  • Reports and security metrics so any search result can be created as a graphic, dashboard, or table to turn raw unstructured data into analytics; export raw data as a PDF or CSV
  • Threat intelligence framework to integrate, de-duplicate and assign weights to any number of open, proprietary or local threat intelligence feeds to simplify threat intelligence and make it a core component of your security operations workflow
  • Unified search editor for a user-friendly, consistent search creation experience—including guided searches—for key security indicator (KSI) or key performance indicator (KPI) correlation searches and identity and asset visualizations
  • Risk-based analysis to help align your security posture with the business by discovering relationships and applying a risk score to any data while transparently exposing the score's contributing factors
  • Incident Review, classification and collaboration allow for bulk event reassignment, changes in status and criticality classification
  • User identity and asset correlation help you to answer questions about a specific user's activity across multiple identities and assets

Security Posture Dashboard

The security posture dashboard provides a SOC-style, fully customizable view of key security metrics across security domains. The Splunk App for Enterprise Security contains a library of prebuilt security metrics widgets that support situational awareness and continuous monitoring of security domain-based risk. All graphics support drill-down into the incident review dashboard.

Incident Review

The Incident Review section provides the analysis workflows required to understand the priority of the incident, incident context, its type and which hosts were involved. One click and you're exploring the raw data or viewing a journal of incident activities. Pivot on any piece of data known about the host to find out additional information or see related events.

Risk Analytics

Use risk analysis to identify the sources and magnitude of risk in your environment. Risk scores can assist in the hunt for unusual activities.
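The risk-based analysis bullet above and this section describe the same idea: each detection adds a risk score to an object (a user or host), the scores accumulate over a time window, and the contributing factors stay visible so an analyst can see why an object scored high. The following is an added illustration of that aggregation, not Splunk's code; the field names (`risk_object`, `risk_object_type`, `risk_score`, `source`) follow the shape of ES risk events, the event values are constructed, and the "two distinct detections" rule in `risk_notables` is an assumed hunting heuristic, not a documented ES setting.

```python
from dataclasses import dataclass, field

# Constructed sample risk events, shaped like risk-index records:
# one row per correlation search firing against an object. Names and values are made up.
RISK_EVENTS = [
    {"_time": 1000, "risk_object": "jdoe", "risk_object_type": "user", "risk_score": 20, "source": "brute_force_auth"},
    {"_time": 1300, "risk_object": "jdoe", "risk_object_type": "user", "risk_score": 30, "source": "new_process_anomaly"},
    {"_time": 1900, "risk_object": "jdoe", "risk_object_type": "user", "risk_score": 30, "source": "new_process_anomaly"},
    {"_time": 2400, "risk_object": "10.0.0.5", "risk_object_type": "system", "risk_score": 15, "source": "threat_list_match"},
    {"_time": 9999, "risk_object": "jdoe", "risk_object_type": "user", "risk_score": 80, "source": "malware_detected"},
]


@dataclass
class RiskSummary:
    risk_object: str
    risk_object_type: str
    total_score: int = 0
    event_count: int = 0
    # source (correlation search) -> score it contributed; this is the "contributing factors" view
    contributors: dict = field(default_factory=dict)


def aggregate_risk(events, window_start, window_end):
    """Sum risk_score per (risk_object, risk_object_type) for events with
    window_start <= _time < window_end, keeping a per-source breakdown."""
    summaries = {}
    for ev in events:
        if not (window_start <= ev["_time"] < window_end):
            continue  # outside the analysis window, ignore
        key = (ev["risk_object"], ev["risk_object_type"])
        summary = summaries.setdefault(key, RiskSummary(*key))
        summary.total_score += ev["risk_score"]
        summary.event_count += 1
        summary.contributors[ev["source"]] = summary.contributors.get(ev["source"], 0) + ev["risk_score"]
    return summaries


def risk_notables(summaries, score_threshold=50, min_distinct_sources=2):
    """Objects worth an analyst's attention: aggregate score at or above the threshold
    AND backed by at least min_distinct_sources different detections, so a single
    noisy search firing repeatedly does not by itself raise a notable (assumed heuristic)."""
    hits = [s for s in summaries.values()
            if s.total_score >= score_threshold and len(s.contributors) >= min_distinct_sources]
    return sorted(hits, key=lambda s: s.total_score, reverse=True)


if __name__ == "__main__":
    for s in risk_notables(aggregate_risk(RISK_EVENTS, 0, 5000)):
        print(s.risk_object, s.total_score, s.contributors)
```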