Splunk Lantern

Use Case Explorer for Security

In the Analyze & Investigate workflow stage, you'll use Splunk User Behavior Analytics, Splunk Enterprise Security or Splunk Intelligence Management (Legacy) to reduce your mean time to respond (MTTR). Security teams need advanced tools like these to analyze and investigate cyber attacks effectively, because attackers are becoming more sophisticated and launching attacks that can completely bypass substandard security controls.

If you're a user of Splunk Cloud Platform or Splunk Enterprise, this content can still help you understand the strategies you should use to augment your analysis and investigation techniques. You can find use cases that apply to these products in our use case library Use Cases for Security with Splunk Platform.

Explore Analyze & Investigate focal areas and find your use cases

Explore the content in the following focal areas to find use cases you should apply.

  • Behavior analysis
    Tools that analyze behavior on the network and use machine learning to find anomalies in behavior can notify of potential threats in near real-time.
  • Cyber frameworks
    Cybersecurity frameworks are designed to give security managers a reliable, systematic way to mitigate cyber risk, no matter how complex the environment might be.
  • Fraud
    Protect your customers' personal and financial information from cyber fraud, one of the most common and threatening forms of fraud that takes place internationally.
  • Incident management
    Build a high-performing SOC team by encouraging active and passive collaboration behaviors, helping them innovate faster and quickly recover from incidents.
  • Splunk Adoption Maturity - Threat intelligence
    Actionable threat intelligence is an essential function to protect digital infrastructure and assets successfully. It aids the processing and analysis of data from multiple feeds, improving security and visibility.
  • Threat hunting
    Search for malicious activity within your organization’s IT infrastructure, provide insights for further investigation and build a feedback loop to improve existing controls.
  • Threat intelligence
    Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.