Product Tips
Your Splunk deployment is up and running, but you want to work faster and better. Clear and actionable product tips from Splunk experts across all our product lines will get you there. If you still can't find what you need, scroll further down the page to explore all the self-resources that Splunk has to offer.
- Enterprise Security
- Creating an incident workflow in Splunk Enterprise Security
- Finding Splunkbase add-ons and apps for Enterprise Security
- Implementing risk-based alerting
- Onboarding data to Splunk Enterprise Security
- Preventing concurrency issues and skipped searches
- Sending Splunk Observability events as Alert Actions from Splunk Enterprise Security
- Splunk Enterprise Security with Intelligence Management Demo
- Using the Splunk Enterprise Security assets and identities framework
- Using threat intelligence in Splunk Enterprise Security
Where Else to Get Help
| Resource | Description |
|---|---|
| A repository of analytic stories that are security guides that provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls, all designed to work together to detect, investigate, and respond to threats. | |
| Security research and news | |
| Join the Splunk Security Gang while they discuss the latest security news. | |
|
Splunk Security Workshops |
Bring Splunk security expertise to your organization for free! Ask your account team how. |
| Join these virtual, interactive, hands-on, and free workshops to connect & interact with experts, colleagues, and peers while learning about topics like Enterprise Security, Splunk SOAR, and correlation searches. | |
| BOTS is a blue-team, jeopardy-style, free capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. |