Analyze & Investigate
In the Analyze & Investigate workflow stage, you'll use Splunk User Behavior Analytics, Splunk Enterprise Security, or Splunk Intelligence Management (Legacy) to reduce your mean time to respond (MTTR). To analyze and investigate cyber attacks effectively, security teams need advanced tools, such as these Splunk products, that use the latest technologies to help investigate incidents, because cyber attackers are becoming smarter and launching attacks that can completely bypass substandard security protocols.
If you're a user of Splunk Cloud Platform or Splunk Enterprise, this content can still help you understand the strategies you should use to augment your analysis and investigation techniques. You can find use cases that apply to these products in our use case library, Use Cases for Security with Splunk Platform.
Explore Analyze & Investigate focal areas and find your use cases
Explore the content in the following focal areas to find use cases you should apply.
- Behavior analysis
  - Tools that analyze behavior on the network and use machine learning to find anomalies in behavior can notify you of potential threats in near real-time.
- Cyber frameworks
  - Cybersecurity frameworks are designed to give security managers a reliable, systematic way to mitigate cyber risk, no matter how complex the environment might be.
- Protect your customers' personal and financial information from cyber fraud, one of the most common and threatening forms of fraud that takes place internationally.
- Incident management
  - Build a high-performing SOC team by encouraging active and passive collaboration behaviors, helping them innovate faster and quickly recover from incidents.
- Splunk Adoption Maturity - Threat intelligence
  - Actionable threat intelligence is an essential function to protect digital infrastructure and assets successfully. It aids the processing and analysis of data from multiple feeds, improving security and visibility.
- Threat hunting
  - Search for malicious activity within your organization’s IT infrastructure, provide insights for further investigation, and build a feedback loop to improve existing controls.
- Threat intelligence
  - Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.