Achieve Your Use Cases
Security Use Cases
- Accelerate Actionable Insights with Threat Investigation
- Deploy Continuous Assets and Identities Discovery
- Mitigate Threats With Security Monitoring
- Protect Against Insider Threat With Anomaly Detection
- Reduce Risk with Advanced Threat Detection
- Respond to Incidents with Automation and Orchestration
- Simplify Compliance with Real-Time Monitoring and Reporting
- Uncover Hidden Threats with Proactive Threat Hunting
Splunk & Cisco Use Cases
AI Use Cases
Industry Use CasesAdminister Your Environment
Manage Your Data
Learn From Featured Articles
Using AI-assisted thresholding in Splunk ITSI
Splunk ITSI provides AI-assisted capabilities to help you configure and maintain KPI thresholds more effectively. These features analyze historical data to recommend appropriate thresholds and detect when thresholds have gradually shifted over time, potentially masking developing problems. Read this article to learn how to use these capabilities.
Using a security data onboarding maturity model
A data onboarding process with achievable, simple, and repeatable goals will help you avoid data graveyards that waste money and data onboarding fatigue with endless updates and maintenance. The beginner-friendly process described in this article will help you deliver organizational value.
Using a documentation-as-code approach to playbook development
Documentation of any security tooling is a critical yet time-consuming factor. Fortunately, Splunk SOAR natively supports a documentation-as-code approach for playbook development to minimize much of this effort, allowing for the documentation to automatically be populated as the playbook is developed.
- Security Use Cases
- Reduce Risk with Advanced Threat Detection
- Protect Against Insider Threat With Anomaly Detection
- Deploy Continuous Assets and Identities Discovery
- Respond to Incidents with Automation and Orchestration
- Simplify Compliance with Real-Time Monitoring and Reporting
- Mitigate Threats With Security Monitoring
- Uncover Hidden Threats with Proactive Threat Hunting
- Accelerate Actionable Insights with Threat Investigation
- Splunk and Cisco Use Cases
- This page links you to step-by-step guidance on use cases you can achieve with this combination of software and for practical advice on getting Cisco data into Splunk products.
- Get Started with Splunk Software
- Administering APM
- Administering Splunk Infrastructure Monitoring
- Conducting a SIEM use case development workshop
- Configuring add-ons in UBA
- Configuring and deploying Splunk Data Management Pipeline Builders
- Configuring Log Observer Connect
- Connecting SOAR apps
- Correlating log data to metric charts in Observability Cloud dashboards
- Creating alerts and dashboards with Splunk RUM data
- Creating and using playbooks in SOAR
- Creating dashboards and visualizations in Splunk Synthetic Monitoring
- Creating detectors and alerts in Splunk Synthetic Monitoring
- Cybersecurity Defense Analyst Certification Prep Tips
- Demo - Log analytics for troubleshooting with IT Essentials
- Extracting insights from Cloud Platform
- Extracting insights from Infrastructure Monitoring
- Extracting insights from Splunk Enterprise
- Extracting service insights from APM
- Getting data into APM
- Getting data into Infrastructure Monitoring
- Getting data into ITSI
- Getting data into UBA
- Getting help with APM
- Getting help with Infrastructure Monitoring
- Getting help with ITSI
- Getting help with SOAR
- Getting help with Splunk Artificial Intelligence
- Getting help with Splunk Asset and Risk Intelligence
- Getting help with Splunk Cloud Platform
- Getting help with Splunk Enterprise
- Getting help with Splunk Intel Management (TruSTAR)
- Getting help with Splunk Mobile
- Getting help with Splunk RUM
- Getting help with Splunk Synthetic Monitoring
- Getting help with UBA
- Getting started - Splunk Intel Management (TruSTAR)
- Getting started with APM
- Getting started with Infrastructure Monitoring
- Getting started with ITSI
- Getting started with IT Essentials Learn
- Getting started with IT Essentials Work
- Getting started with Log Observer Connect
- Getting started with SOAR
- Getting started with Splunk Artificial Intelligence
- Getting started with Splunk Asset and Risk Intelligence
- Getting started with Splunk Cloud Platform
- Getting started with Splunk Data Management Pipeline Builders
- Getting started with Splunk Enterprise
- Getting Started with Splunk Real User Monitoring
- Getting started with Splunk Security Essentials
- Getting started with Splunk Synthetic Monitoring
- Getting started with UBA
- How to set up Splunk Mobile app
- Identifying performance bottlenecks with Splunk RUM for Browser
- Implementing features and use cases in Splunk APM
- Implementing use cases in Cloud Platform
- Implementing use cases in Infrastructure Monitoring
- Implementing use cases in Splunk Enterprise
- Implementing use cases with SOAR
- Implementing use cases with Splunk Artificial Intelligence
- Implementing use cases with Splunk Data Management Pipeline Builders
- Improving performance in Enterprise Security 8
- Installing and upgrading Splunk Asset and Risk Intelligence
- Installing and upgrading UBA
- Intelligence flows - Indicator prioritization - Splunk Intel Management (TruSTAR)
- Managing users and permissions - Splunk Intel Management (TruSTAR)
- Managing your Splunk Cloud Platform deployment
- Managing your Splunk Enterprise deployment
- Manually submit intelligence - Splunk Intel Management (TruSTAR)
- Onboarding and managing data in Cloud Platform
- Onboarding and managing data in Splunk Enterprise
- Onboarding with Splunk Asset and Risk Intelligence
- Overview - Splunk Intel Management (TruSTAR)
- Preparing your environment for Splunk Asset and Risk Intelligence
- Rigor to Splunk Synthetics Migration - Customer FAQ
- Searching and filtering on Splunk RUM data
- Setting up and configuring SOAR
- Setting up tests in Splunk Synthetic Monitoring
- Splunk IT Service Intelligence Owner's Manual
- Splunk User Behavior Analytics Owner's Manual
- The definitive guide to best practices for IT Service Intelligence
- Upgrading to Enterprise Security 8.x - Compatibility checks
- Upgrading to Enterprise Security 8.x - Configuration and customization
- Upgrading to Enterprise Security 8.x - Overview
- Upgrading to Enterprise Security 8.x - Prerequisites
- Upgrading to Enterprise Security 8.x - Walkthrough and validation
- Using Log Observer Connect with Cloud Platform
- Using Log Observer Connect with Splunk Enterprise
- Using session replay in Splunk RUM
- Using Splunk Mobile
- Working with event analytics in ITSI
- Working with intelligence reports - Splunk Intel Management (TruSTAR)
- Working with intelligence sources - Splunk Intel Management (TruSTAR)
- Working with service insights in ITSI
- Splunk Success Framework
- The Splunk Success Framework (SSF) is a flexible collection of best practices for setting up your Splunk software implementation as a program.
- Splunk Cloud Platform Migration
- Get security, reliability, and fast time to value with Splunk® Cloud Platform.
- Phase 1: Splunk Cloud Platform migration overview
- Phase 2: Getting started with your Splunk Cloud Platform migration
- Phase 3: Determining your readiness for Splunk Cloud Platform migration
- Phase 4: Preparing for Splunk Cloud Platform migration
- Phase 5: Migrating to the Splunk Cloud Platform
- Phase 6: Validating your Splunk Cloud Platform deployment
- Phase 7: Welcome to Splunk Cloud Platform!
- Manage Splunk Platform Performance and Health
- Adopting workload management with cgroups v1
- Adopting workload management with cgroups v2
- Automating Splunk platform administration with a Continuous Configuration Automation framework
- Benchmarking filesystem performance on Linux-based indexers
- Classic dashboard export deprecation FAQ
- Configuring Splunk for Common Access Card authentication
- Developing add-ons with a Gold Standard methodology
- Installing an existing certificate on a new Splunk Enterprise installation
- Installing Splunk Enterprise 9.x on Linux
- Installing Splunk Enterprise 9.x on Windows
- Introduction to the Splunk Distributed Deployment Server
- Introduction to the Splunk ACS Github Action CI/CD Starter
- Managing configurations in Splunk Cloud Platform
- Migrating from on-premises to Splunk Cloud Platform
- Monitoring Splunk platform health
- Node.js deprecation FAQ
- Obtaining stacks from a Kubernetes instance
- Preparing to upgrade from 9.x to Splunk Enterprise and Cloud Platform 10.0
- Preparing your Splunk Platform instance to upgrade to jQuery 3.5
- Renewing a certificate on a new Splunk Enterprise installation
- Running a Splunk platform health check
- Securing the Splunk Cloud Platform
- Selecting the best cloud migration approach
- Splunk over IPv6 Runbook for Splunk Enterprise Customers
- Splunk over IPv6 runbook for Splunk Cloud Platform customers
- Troubleshooting compatibility issues between components or apps in Splunk Enterprise
- Troubleshooting high resource usage in Splunk Enterprise
- Troubleshooting slow Splunk platform restarts when running under systemd on Linux
- Understanding commonly used extension points in Splunk apps
- Understanding workload pricing in Splunk Cloud Platform
- Upcoming changes for Splunk Enterprise 10.2 and Splunk Cloud Platform 10.2
- Updating server and client certificates to comply with industry-wide certificate changes
- Upgrading the Splunk platform
- Using Admin Config Service in Splunk Cloud Platform FedRAMP environments
- Using best practices for developing Splunk apps
- Using the deployer
- Using the Performance Insights for Splunk app
- Using the Splunk Cloud Monitoring Console effectively
- Using the Universal Configuration Console
- Validating configurations with REST API in Splunk Cloud Platform 10.3.x
- Data Types
- Alerts data
- Application data
- Application server data
- Authentication data
- Backup data
- Binary repositories data
- Call detail record data
- Certificates data
- Change data
- Cloud productivity suite data
- Cloud services data
- Compliance and governance data
- Configuration management data
- Content delivery network data
- Customer relationship management data
- Database data
- Data access data
- Data loss prevention data
- Deep packet inspection data
- Endpoint detection and response data
- Electronic data interchange data
- Email data
- Event signatures data
- Financial data
- Insider threat data
- Intrusion detection data
- Inventory data
- IoT and industrial IoT data
- IP address assignment data
- Law enforcement data
- Load balancer data
- Malware data
- Medical device data
- Mobile device data
- Network access control data
- Network communication data
- Network firewall data
- Network resolution data
- Network router data
- Network sessions data
- Network switch data
- Network traffic data
- Network VPN data
- OpenLLMetry data
- OpenTelemetry data
- Operational technology data
- Patch management data
- Performance data
- Personally identifiable information
- Physical card reader data
- Physical security data
- Printer data
- Real user monitoring data
- Security orchestration, automation, and response data
- SNMP data
- Storage data
- Supplier and procurement data
- Synthetic monitoring data
- Threat intelligence data
- Update data
- User activity log data
- Vendor-specific data
- Video conferencing and communication data
- Virtualization data
- Vulnerability detection data
- Web application firewall data
- Web proxy data
- Web server data