Product Tips
Your Splunk deployment is up and running, but you want to work faster and better. Clear and actionable product tips from Splunk experts across all our product lines will get you there. If you still can't find what you need, scroll further down the page to explore all the self-resources that Splunk has to offer.
- Enterprise Security
  - Comparing security domain dashboards in Enterprise Security
  - Configuring Windows security audit policies for Enterprise Security visibility
  - Customizing Enterprise Security dashboards to improve security monitoring
  - Finding Splunkbase add-ons and apps for Enterprise Security
  - Managing data models in Enterprise Security
  - Normalizing Enterprise Security data with technology add-ons
  - Onboarding data to Splunk Enterprise Security
  - Optimizing correlation searches in Enterprise Security
  - Preventing concurrency issues and skipped searches
  - Sending Splunk Observability events as Alert Actions from Splunk Enterprise Security
  - Splunk Enterprise Security with Intelligence Management Demo
  - Understanding the Event Sequencing engine
  - Using protocol intelligence in Enterprise Security
  - Using the Splunk Enterprise Security assets and identities framework
  - Using the workbench in an Enterprise Security investigation
- SOAR
  - Following best practices for designing playbooks
  - Managing cases in SOAR
  - Passing data between SOAR playbooks
  - Responding to security incidents using SOAR
  - Sending events from the Splunk platform to SOAR
  - Sending Splunk Observability events as Workflow Actions from Splunk SOAR
  - SOAR Indicator Enrichment Playbook and Intelligence Management
  - Understanding SOAR case management features
  - Using a playbook design methodology
  - Using the AWS AssumeRole capability
  - Working quickly with slash commands
Where Else to Get Help
| Resource | Description |
|---|---|
| | A repository of analytic stories that are security guides that provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls, all designed to work together to detect, investigate, and respond to threats. |
| | Security research and news |
| | Join the Splunk Security Gang while they discuss the latest security news. |
| Splunk Security Workshops | Bring Splunk security expertise to your organization for free! Ask your account team how. |
| | Join these virtual, interactive, hands-on, and free workshops to connect & interact with experts, colleagues, and peers while learning about topics like Enterprise Security, Splunk SOAR, and correlation searches. |
| | BOTS is a blue-team, jeopardy-style, free capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. |