Mission Control (MC)

Splunk Mission Control service

Splunk Mission Control is a comprehensive security operations application that enables you to triage, investigate, and respond to security incidents through a cloud-based console linked with Splunk Enterprise Security (Cloud). Within this application, data from Splunk Enterprise Security (Cloud) is seamlessly integrated and presented as incidents, facilitating a streamlined workflow for handling security events.

Splunk Mission Control regional availability

Access Splunk Mission Control

Splunk Mission Control comes preinstalled as an app on Splunk Enterprise Security (Cloud) versions 6.6 and above at no extra cost. However, it is not included with Splunk SOAR products that are licensed separately from Splunk Enterprise Security (Cloud). Additionally, Splunk Mission Control is not compatible with Splunk Enterprise or Splunk Enterprise Security (Cloud) when deployed in a search head cluster environment.

Utilizing Splunk along with data from integrated services or other Splunk-licensed products might increase SVC resource usage. Nevertheless, the use of Splunk does not impact the licensing entitlements based on users or seats. For customers of Splunk Cloud who have licenses for both Splunk Enterprise Security (Cloud) and SOAR (Cloud) directly from Splunk, employing Splunk will not affect the number of Splunk SOAR seats or the licensed user count permitted for Splunk SOAR (Cloud).

Access automation functionality with Splunk SOAR (Cloud)

Splunk SOAR (Cloud) enhances Splunk by providing security orchestration and automation capabilities. Splunk includes a free trial of Splunk SOAR (Cloud), allowing you to execute an unlimited number of playbooks, capped at a total of 100 actions per day. Current Splunk SOAR (Cloud) customers should note that it’s not possible to transfer existing automation data like playbooks and assets directly into Splunk. To access the automation features in Splunk, current users need to initiate the Splunk SOAR (Cloud) trial. This trial expires 6 months from the start date and does not include Splunk support.

Once the trial expires, unless you upgrade your license, you will lose the ability to run actions, playbooks, and delegate prompts within Splunk. Also, be aware that there may be unscheduled downtime for automation actions during upgrades to Splunk SOAR (Cloud) without prior notification.

If you wish to continue utilizing Splunk SOAR (Cloud) for automating incident response and running unlimited actions in Splunk Mission Control after the 6-month trial, you should consider upgrading your Splunk SOAR license. To do so, or to verify your current version of Splunk SOAR, please contact your account manager.

Threat Intelligence Management availability

Threat Intelligence Management is integrated within Splunk, offering intelligence support specifically for customers using Splunk Enterprise Security (Cloud).

To utilize Threat Intelligence Management within Splunk for Mission Control, you must meet the following criteria:

You should be licensed for the generally available commercial versions of both Splunk Mission Control and Splunk Enterprise Security (Cloud) version 6.6 or higher. This excludes any preview or limited release versions.

Your operations must be based in one of the designated regions where this service is available.

For more information about Splunk Security Products, see Splunk Security.

Performance

Splunk Mission Control can impact the performance of your Splunk Cloud Platform deployment by up to 2%.

Data storage and retention

Data that is transmitted to Splunk as incidents from Splunk Enterprise Security (Cloud) is retained for active subscribers based on specific policy and retention settings. For detailed information on how this data is stored, managed, and retained, subscribers should consult the ‘Review Splunk Cloud Platform data policies’ section located in the Splunk Cloud Platform Admin Manual. This section provides comprehensive guidelines and protocols regarding data handling within the platform.

Service maintenance and updates

Splunk strives to manage and update Splunk Mission Control uniformly, so all customers of Splunk receive the most current features and functionality. Accordingly, it is possible Splunk might push updates to the Splunk Mission Control service without prior notice and outside of other official or assigned service maintenance windows. These updates should not impose any downtime, restarts, or other service interruptions. We will endeavor to honor a change freeze request provided the request is less than 30 days in duration. Not all such requests may be accommodated.
