Achieve Your Use Cases

Security Use Cases
- Accelerate Actionable Insights with Threat Investigation
- Deploy Continuous Assets and Identities Discovery
- Mitigate Threats With Security Monitoring
- Protect Against Insider Threat With Anomaly Detection
- Reduce Risk with Advanced Threat Detection
- Respond to Incidents with Automation and Orchestration
- Simplify Compliance with Real-Time Monitoring and Reporting
- Uncover Hidden Threats with Proactive Threat Hunting
Administer Your Environment
Manage Your Data
Learn From Featured Articles
Accelerating security forensics with Federated Search for Amazon S3
Your SecOps team is alerted to suspicious activity, signals that point to the possibility of lateral movement or even data exfiltration. Using Splunk Federated Search for Amazon S3, you can quickly search historical logs directly in S3, eliminating the need for data movement or ingestion.
Tracking GCP CloudSQL permission changes
The Splunk platform is an ideal solution for addressing GCP use cases by building dashboards for monitoring and saved searches for automated alerting. Logging and identifying GRANT and REVOKE commands is key to tracking Google Cloud Platform permission changes over time and preventing malicious actors from gaining access to your data.
Optimizing Splunk Enterprise Security for your SOC
Splunk Enterprise Security Premier extends foundational ES capabilities with native Splunk SOAR and User and Entity Behavioral Analytics, delivering an AI-powered SecOps experience designed for efficiency and comprehensive threat coverage. This article explains some of the major methods you can use to optimize ES in your own SOC.
- Get Started with Splunk Software
- Administering APM
- Administering Splunk Infrastructure Monitoring
- Conducting a SIEM use case development workshop
- Configuring add-ons in UBA
- Configuring and deploying Splunk Data Management Pipeline Builders
- Configuring and optimizing Enterprise Security
- Configuring Log Observer Connect
- Connecting SOAR apps
- Correlating log data to metric charts in Observability Cloud dashboards
- Creating alerts and dashboards with Splunk RUM data
- Creating and using playbooks in SOAR
- Creating dashboards and visualizations in Splunk Synthetic Monitoring
- Creating detectors and alerts in Splunk Synthetic Monitoring
- Cybersecurity Defense Analyst Certification Prep Tips
- Demo - Log analytics for troubleshooting with IT Essentials
- Extracting insights from Cloud Platform
- Extracting insights from Infrastructure Monitoring
- Extracting insights from Splunk Enterprise
- Extracting service insights from APM
- Getting data into APM
- Getting data into Infrastructure Monitoring
- Getting data into ITSI
- Getting data into UBA
- Getting data onboarded to Splunk Enterprise Security
- Getting help with APM
- Getting help with Enterprise Security
- Getting help with Infrastructure Monitoring
- Getting help with ITSI
- Getting help with SOAR
- Getting help with Splunk Artificial Intelligence
- Getting help with Splunk Asset and Risk Intelligence
- Getting help with Splunk Cloud Platform
- Getting help with Splunk Enterprise
- Getting help with Splunk Intel Management (TruSTAR)
- Getting help with Splunk Mobile
- Getting help with Splunk RUM
- Getting help with Splunk Synthetic Monitoring
- Getting help with UBA
- Getting started - Splunk Intel Management (TruSTAR)
- Getting started with APM
- Getting started with Infrastructure Monitoring
- Getting started with ITSI
- Getting started with IT Essentials Learn
- Getting started with IT Essentials Work
- Getting started with Log Observer Connect
- Getting started with SOAR
- Getting started with Splunk Artificial Intelligence
- Getting started with Splunk Asset and Risk Intelligence
- Getting started with Splunk Cloud Platform
- Getting started with Splunk Data Management Pipeline Builders
- Getting started with Splunk Enterprise
- Getting started with Splunk Enterprise Security
- Getting Started with Splunk Real User Monitoring
- Getting started with Splunk Security Essentials
- Getting started with Splunk Synthetic Monitoring
- Getting started with UBA
- How to set up Splunk Mobile app
- Identifying performance bottlenecks with Splunk RUM for Browser
- Identifying Splunk Enterprise Security use cases and data sources
- Implementing features and use cases in Splunk APM
- Implementing use cases in Cloud Platform
- Implementing use cases in Infrastructure Monitoring
- Implementing use cases in Splunk Enterprise
- Implementing use cases with SOAR
- Implementing use cases with Splunk Artificial Intelligence
- Implementing use cases with Splunk Data Management Pipeline Builders
- Improving performance in Enterprise Security 8
- Installing and upgrading Splunk Asset and Risk Intelligence
- Installing and upgrading UBA
- Intelligence flows - Indicator prioritization - Splunk Intel Management (TruSTAR)
- Managing users and permissions - Splunk Intel Management (TruSTAR)
- Managing your Splunk Cloud Platform deployment
- Managing your Splunk Enterprise deployment
- Manually submit intelligence - Splunk Intel Management (TruSTAR)
- Onboarding and managing data in Cloud Platform
- Onboarding and managing data in Splunk Enterprise
- Onboarding with Splunk Asset and Risk Intelligence
- Overview - Splunk Intel Management (TruSTAR)
- Preparing your environment for Splunk Asset and Risk Intelligence
- Rigor to Splunk Synthetics Migration - Customer FAQ
- Searching and filtering on Splunk RUM data
- Setting up and configuring SOAR
- Setting up tests in Splunk Synthetic Monitoring
- Splunk IT Service Intelligence Owner's Manual
- Splunk User Behavior Analytics Owner's Manual
- The definitive guide to best practices for IT Service Intelligence
- Upgrading to Enterprise Security 8.0.x - Compatibility checks
- Upgrading to Enterprise Security 8.0.x - Configuration and customization
- Upgrading to Enterprise Security 8.0.x - Overview
- Upgrading to Enterprise Security 8.0.x - Prerequisites
- Upgrading to Enterprise Security 8.0.x - Walkthrough and validation
- Using Enterprise Security for security investigation and monitoring
- Using Log Observer Connect with Cloud Platform
- Using Log Observer Connect with Splunk Enterprise
- Using session replay in Splunk RUM
- Using Splunk Mobile
- Using the TruSTAR Chrome Extension - Splunk Intel Management (TruSTAR)
- Working with event analytics in ITSI
- Working with intelligence reports - Splunk Intel Management (TruSTAR)
- Working with intelligence sources - Splunk Intel Management (TruSTAR)
- Working with service insights in ITSI
- Splunk Success Framework
- The Splunk Success Framework (SSF) is a flexible collection of best practices for setting up your Splunk software implementation as a program.
- Splunk Cloud Platform Migration
- Get security, reliability, and fast time to value with Splunk® Cloud Platform.
- Phase 1: Splunk Cloud Platform migration overview
- Phase 2: Getting started with your Splunk Cloud Platform migration
- Phase 3: Determining your readiness for Splunk Cloud Platform migration
- Phase 4: Preparing for Splunk Cloud Platform migration
- Phase 5: Migrating to the Splunk Cloud Platform
- Phase 6: Validating your Splunk Cloud Platform deployment
- Phase 7: Welcome to Splunk Cloud Platform!
- Manage Splunk Platform Performance and Health
- Adopting workload management with cgroups v1
- Adopting workload management with cgroups v2
- Automating Splunk platform administration with a Continuous Configuration Automation framework
- Benchmarking filesystem performance on Linux-based indexers
- Classic dashboard export deprecation FAQ
- Configuring Splunk for Common Access Card authentication
- Installing an existing certificate on a new Splunk Enterprise installation
- Installing Splunk Enterprise 9.x on Linux
- Installing Splunk Enterprise 9.x on Windows
- Introduction to the Splunk Distributed Deployment Server
- Introduction to the Splunk ACS Github Action CI/CD Starter
- Managing configurations in Splunk Cloud Platform
- Migrating from on-premises to Splunk Cloud Platform
- Monitoring Splunk platform health
- Node.js deprecation FAQ
- Obtaining stacks from a Kubernetes instance
- Preparing for certificate-based authentication changes on Windows domain controllers
- Preparing to upgrade from 9.x to Splunk Enterprise and Cloud Platform 10.0
- Preparing your Splunk Platform instance to upgrade to jQuery 3.5
- Renewing a certificate on a new Splunk Enterprise installation
- Running a Splunk platform health check
- Securing the Splunk Cloud Platform
- Selecting the best cloud migration approach
- SimpleXML Examples app end of life FAQ
- Splunk Custom Visualizations apps end of life FAQ
- Splunk over IPv6 Runbook for Splunk Enterprise Customers
- Splunk over IPv6 runbook for Splunk Cloud Platform customers
- Troubleshooting compatibility issues between components or apps in Splunk Enterprise
- Troubleshooting high resource usage in Splunk Enterprise
- Understanding workload pricing in Splunk Cloud Platform
- Upgrading the Splunk platform
- Using Admin Config Service in Splunk Cloud Platform FedRAMP environments
- Using the deployer
- Using the Splunk Cloud Monitoring Console effectively
- Using the Universal Configuration Console
- Data Sources
- Adobe
- Amazon
- Apache
- AppDynamics
- Atlassian
- Carbon Black
- Check Point
- Cisco
- CrowdStrike
- Dell
- Docker
- Fabrix.ai
- Fortinet
- Gigamon
- GitHub
- GitLab
- Kubernetes
- Linux and Unix
- Mac OS
- Microsoft
- Nagios
- NETSCOUT
- Okta
- OpenAI
- Palo Alto Networks
- Salesforce
- SAP
- Skyhigh Security
- Symantec
- Syslog
- Tanium
- Tenable
- Trend Micro
- VMware
- Websense
- Zeek
- Zoom
- Zscaler
- Data Types
- Alerts data
- Application data
- Application server data
- Authentication data
- Backup data
- Binary repositories data
- Call detail record data
- Certificates data
- Change data
- Cloud productivity suite data
- Cloud services data
- Compliance and governance data
- Configuration management data
- Content delivery network data
- Customer relationship management data
- Database data
- Data access data
- Data loss prevention data
- Deep packet inspection data
- Endpoint detection and response data
- Electronic data interchange data
- Email data
- Event signatures data
- Financial data
- Insider threat data
- Intrusion detection data
- Inventory data
- IoT and industrial IoT data
- IP address assignment data
- Law enforcement data
- Load balancer data
- Malware data
- Medical device data
- Mobile device data
- Network access control data
- Network communication data
- Network firewall data
- Network resolution data
- Network router data
- Network sessions data
- Network switch data
- Network traffic data
- Network VPN data
- OpenLLMetry data
- OpenTelemetry data
- Operational technology data
- Patch management data
- Performance data
- Personally identifiable information
- Physical card reader data
- Physical security data
- Printer data
- Real user monitoring data
- Security orchestration, automation, and response data
- SNMP data
- Storage data
- Supplier and procurement data
- Synthetic monitoring data
- Threat intelligence data
- Update data
- User activity log data
- Vendor-specific data
- Video conferencing and communication data
- Virtualization data
- Vulnerability detection data
- Web application firewall data
- Web proxy data
- Web server data
Splunk & Cisco Use Cases
AI Use Cases
Industry Use Cases