Skip to main content


Splunk Lantern

Analyze and Investigate



In the Analyze and Investigate workflow stage, you'll use Splunk User Behavior Analytics, Splunk Enterprise Security or Splunk Intelligence Management to reduce your mean-time-to-respond (MTTR). In order for security teams to analyze and investigate cyber attacks effectively, advanced tools like these Splunk products use the latest technologies to help investigate incidents. This is because cyber attackers are becoming smarter and launching attacks that can completely bypass substandard security protocols.

If you're a user of Splunk Cloud Platform or Splunk Enterprise, this content can still help you understand the strategies you should use to augment your analysis and investigation techniques. You can find use cases which apply to all Splunk products in the Lantern Security Use Case Library.

Explore analysis and investigation focal areas and find your use cases

Explore the content in the following focal areas to find use cases you should apply.

  • Behavior analysis and machine learning
    Tools that analyze behavior on the network and use machine learning to find anomalies in behavior can notify of potential threats in near real-time.
  • Compliance
    Ensure that your organization follows applicable laws, general mandates, and industry-specific regulation that governs how it conducts business.
  • Fraud
    Protect your customers' personal and financial information from cyber fraud, one of the most common and threatening forms of fraud that takes place internationally.
  • Incident collaboration
    Build a high-performing SOC team by encouraging active and passive collaboration behaviors, helping them innovate faster and quickly recover from incidents.
  • Threat hunting
    Search for malicious activity within your organization’s IT infrastructure, provide insights for further investigation and build a feedback loop to improve existing controls.
  • Threat intelligence
    Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.