Product Tips
Your Splunk deployment is up and running, but you want to work faster and better. Clear and actionable product tips from Splunk experts across all our product lines will get you there. If you still can't find what you need, scroll further down the page to explore all the self-resources that Splunk has to offer.
- Enterprise Security
- Comparing security domain dashboards in Enterprise Security
- Configuring Windows event logs for Enterprise Security use
- Configuring Windows security audit policies for Enterprise Security visibility
- Customizing Enterprise Security dashboards to improve security monitoring
- Enabling an audit trail from Active Directory
- Enabling Windows event log process command line logging via group policy object
- Finding, deploying, and managing security detections
- Installing and upgrading to Splunk Enterprise Security 8x
- Managing data models in Enterprise Security
- Onboarding data to Splunk Enterprise Security
- Optimizing correlation searches in Enterprise Security
- Preventing concurrency issues and skipped searches
- Sending Splunk Observability events as Alert Actions from Splunk Enterprise Security
- Sharing data between Splunk Enterprise Security and Splunk ITSI
- Splunk Enterprise Security with Intelligence Management Demo
- Understanding the Event Sequencing engine
- Using the Splunk Enterprise Security assets and identities framework
- Using the workbench in an Enterprise Security investigation
- SOAR
- Demonstrating ROI from SOAR
- Managing cases in SOAR
- Responding to security incidents using SOAR
- Sending events from the Splunk platform to SOAR
- Sending Splunk Observability events as Workflow Actions from Splunk SOAR
- SOAR Indicator Enrichment Playbook and Intelligence Management
- Understanding SOAR case management features
- Working quickly with slash commands
Where Else to Get Help
| Resource | Description |
|---|---|
| A repository of analytic stories that are security guides that provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls, all designed to work together to detect, investigate, and respond to threats. | |
| Security research and news | |
| Join the Splunk Security Gang while they discuss the latest security news. | |
|
Splunk Security Workshops |
Bring Splunk security expertise to your organization for free! Ask your account team how. |
| Join these virtual, interactive, hands-on, and free workshops to connect & interact with experts, colleagues, and peers while learning about topics like Enterprise Security, Splunk SOAR, and correlation searches. | |
| BOTS is a blue-team, jeopardy-style, free capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite to answer a variety of questions about the type of real-world incidents that security analysts face regularly. |