Splunk ES APP
Splunk App for Enterprise Security
Analytics-Driven Security and Continuous Monitoring for Modern Security Threats
The modern enterprise requires security technologies that can adapt to a dynamic threat landscape, evolving adversary tactics, advanced threats and changing business demands. To meet these new requirements, security teams need to have advanced analytics capabilities to rapidly implement new threat detection techniques.
The Splunk App for Enterprise Security runs on top of Splunk Enterprise to identify and address these emerging security threats through the use of monitoring, alerts and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the security professional faced with a growing list of challenges.
Out-of-the-box features include:
- Incident Review and Classification included as part of a comprehensive incident review capability, classification allows for bulk event reassignment, changes in status and criticality classification
- Automated Correlation Searches for cross data-type correlations that give the user an understanding of evolving threat scenarios in real time
- Reports and Security Metrics leverage dozens of out-of-the box reports, dashboards and metrics; any search result can be created as a graphic, dashboard or table to turn raw unstructured data into analytics; export raw data as a PDF or CSV
- Risk-based analysis to help align your security posture with the business by discovering relationships and applying a risk score to any data while transparently exposing the score’s contributing factors
- Threat intelligence framework to integrate, de-duplicate and assign weights to any number of open, proprietary or local threat intelligence feeds to simplify threat intelligence and make it a core component of your security operations workflow
- Unified search editor for a user-friendly, consistent search creation experience including guided searches for key security indicator (KSI) or key performance indicator (KPI) correlation searches and identity and asset visualizations
- User identity and asset correlation help you to answer questions about a specific user’s activity across multiple identities and assets
Security Posture Dashboard
The security posture dashboard provides a SOC-style, fully customizable view of key security metrics across security domains. The Splunk App for Enterprise Security contains a library of prebuilt security metrics widgets that support situational awareness and continuous monitoring of security domain-based risk. All graphics support drill-down into the incident review dashboard.
The Incident Review section provides the analysis workflows required to understand the priority of the incident, incident context, its type and which hosts were involved. One click and you’re exploring the raw data or viewing a journal of incident activities. Pivot on any piece of data known about the host to find out additional information or see related events.
Use risk analysis to identify the sources and magnitude of risk in your environment. Risk scores can assist in the hunt for unusual activities.