Product Tips
Your Splunk deployment is up and running, but you want to work faster and better. Clear and actionable product tips from Splunk experts across all our product lines will get you there. If you still can't find what you need, scroll further down the page to explore all the self-resources that Splunk has to offer.
- Enterprise Security
- Comparing security domain dashboards in Enterprise Security
- Configuring Windows security audit policies for Enterprise Security visibility
- Customizing Enterprise Security dashboards to improve security monitoring
- Finding Splunkbase add-ons and apps for Enterprise Security
- Managing data models in Enterprise Security
- Normalizing Enterprise Security data with technology add-ons
- Onboarding data to Splunk Enterprise Security
- Optimizing correlation searches in Enterprise Security
- Preventing concurrency issues and skipped searches
- Sending Splunk Observability events as Alert Actions from Splunk Enterprise Security
- Splunk Enterprise Security with Intelligence Management Demo
- Understanding the Event Sequencing engine
- Using protocol intelligence in Enterprise Security
- Using the Splunk Enterprise Security assets and identities framework
- Using the workbench in an Enterprise Security investigation
- SOAR
- Following best practices for designing playbooks
- Managing cases in SOAR
- Passing data between SOAR playbooks
- Responding to security incidents using SOAR
- Sending events from the Splunk platform to SOAR
- Sending Splunk Observability events as Workflow Actions from Splunk SOAR
- SOAR Indicator Enrichment Playbook and Intelligence Management
- Understanding SOAR case management features
- Using a playbook design methodology
- Using the AWS AssumeRole capability
- Working quickly with slash commands
Where Else to Get Help
| Resource | Description |
|---|---|
| A repository of analytic stories that are security guides that provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls, all designed to work together to detect, investigate, and respond to threats. | |
| Security research and news | |
| Join the Splunk Security Gang while they discuss the latest security news. | |
|
Splunk Security Workshops |
Bring Splunk security expertise to your organization for free! Ask your account team how. |
| Join these virtual, interactive, hands-on, and free workshops to connect & interact with experts, colleagues, and peers while learning about topics like Enterprise Security, Splunk SOAR, and correlation searches. | |
| BOTS is a blue-team, jeopardy-style, free capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. |