Protect your business and modernize your security operations with a best in class data platform, advanced analytics and automated investigations and response.
Threat Topology allows analysts to gauge the extent of an incident by mapping all the associated risk and threat objects. Analysts can immediately discover the scope of a security incident and quickly pivot between affected assets and users in the investigation, saving time and increasing productivity.
Built on a scalable platform, Splunk Enterprise Security (ES) delivers data-driven insights so you can gain full-breadth visibility across your organization.
The Security Posture dashboard provides high level insight into real-time notable events across your security operations center. You can configure the dashboard with the KPIs you need and monitor change over a 24-hour period.
Risk-based alerting, or “RBA,” builds upon the great out-of-the-box detections in Splunk ES by greatly reducing false-positive detection rates and increasing productivity in your SOC. RBA attributes risk to users and systems and generates alerts when risk and behavioral thresholds are exceeded.
In incident Review, you can easily expand to view the timeline of events that contributed to an RBA-generated Notable (or a Risk Notable).
Adaptive Response Actions are actions that can be taken either manually or automatically against any notable event generated.
These actions can help gather context or help accelerate response and remediation when investigating notable events and are a great foundation for automating certain processes before evolving to full security orchestration, automation and response solution with Splunk SOAR.
Splunk Intelligence Management enables security teams to operationalize their internal and external security intelligence sources across their ecosystem by delivering insights directly into Splunk ES and Splunk SOAR.
Splunk SOAR can seamlessly share information with Splunk ES, helping to accelerate incident investigation and response by enriching alerts and performing actions at machine speed.
Splunk User Behavior Analytics (UBA) integrates with ES to enhance insight, strengthen security and streamline investigations so analysts can focus on high-fidelity alerts. UBA utilizes machine learning to profile user and entity behaviors, filter out real threats and share those threats with Splunk ES.
Alternatively, the behavioral analytics service is also available for cloud-deployed Splunk ES customers to provide comprehensive security visibility to uncover hidden and unknown threats through streaming analytics.
The Splunk Threat Research Team releases security content in the form of pre-packaged detections and responses to help your team stay on top of the latest threats.
Find this content in the Use Case Library in the form of Analytic Stories, where you can filter by use case or by an industry framework like MITRE ATT&CK.
The Asset Investigator dashboard aggregates events over time into swim lanes for easier threat hunting and incident forensic. Each swim lane defines high and low activity periods by color shade, revealing patterns in host and user actions.
Within Security Domains are ready-to-use dashboards with individual focuses — such as tracking login attempts, breach endpoints or network intrusions — that you can pivot and correlate across to reduce remediation time.
During an investigation, you can quickly pivot to the Investigation Workbench, which centralizes all threat intelligence, security context and relevant data, including users and devices, for fast and accurate assessments of incidents.
The Investigation Timeline allows for better collaboration and tracking of investigations. Ad-hoc searches are also easy to run from Workbench so you save time and remain focused on your investigation.