Splunk Lantern

Preparing to deploy security use cases in the Splunk platform


User roles

Role                                             | Responsibilities
Lead Security Analysts                           | Define security use cases, analyst workflows, and content strategy
Splunk Admins / Splunk Enterprise Security Admins | Manage configuration changes, app installs, index creation, and permissions changes
Information Security Management                  | Change approvals and project sponsorship

Preparation

1. Prerequisites

While this specific document focuses on the Splunk platform security implementation, it is important to understand the additional complementary offerings of Splunk’s overall security suite:

  • Splunk platform - A flexible platform that addresses an array of security use cases. It enables you to monitor and analyze machine data quickly from any source to deliver insights to act and is an essential analytics-driven foundation that strengthens your overall security. Available in the cloud.
  • Splunk Enterprise Security - A security information and event management (SIEM) solution that provides insights into machine data generated from security technologies such as network, endpoint, and access as well as malware, vulnerability, and identity information. Available in the cloud.
  • Splunk User Behavior Analytics - A machine-learning-powered solution that delivers answers organizations need to find unknown threats and anomalous behavior across users, endpoint devices, and applications.
  • Splunk SOAR - A security orchestration, automation, and response (SOAR) platform that integrates with your existing security technologies to provide a layer of “connective tissue” between them, making them smarter, faster, and stronger.
  • Applications - Apps developed by Splunk, partners, and our community to enhance and extend the power of the Splunk platform. Available in the cloud.
  • Splunk Security Essentials - Explore new use cases and deploy security detections from Splunk Security Essentials to Splunk Enterprise or Splunk Cloud Platform, as well as the Splunk SIEM and SOAR offerings. Now a fully-supported app with an active Splunk Cloud Platform license, it allows you to start strengthening your security posture and quicken your time-to-value with Splunk.
  • Splunk Enterprise Security Content Updates - For customers with Splunk Enterprise Security, this app delivers security analysis guides, called “Analytic Stories,” that explain how to best use Splunk Enterprise Security to investigate and take action on new threats detected in your environment, what searches to implement, and what you should be able to achieve.
  • Splunk Mission Control - Splunk Mission Control unifies your security operations across Splunk’s industry-leading security technologies and partner ecosystem within one work surface. This allows you to better understand business risk by seeing the entire picture of security insights and trends to detect what matters, investigate holistically, and respond intelligently.

4.0 Considerations

The flexibility of the Splunk platform allows for end-to-end visibility across all enterprise systems. This allows customers to effectively complete multi-step analysis, as well as ad-hoc investigations, to address any security monitoring use case. Beyond the core platform, Splunk also offers enhanced features with our industry-leading SIEM, as well as a suite of solutions for detections, alerting, automation, and response management.