Splunk Enterprise Security
By Splunk Inc.
Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, simplifying threat management while minimizing risk. ES helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, and SOC operations, and gives executives a window into business risk.
• Continuously Monitor: get a clear picture of security posture using pre-defined dashboards, key security and performance indicators, static & dynamic thresholds, and trending indicators
• Prioritize and Act: optimize incident response workflows with alerts, centralized logs, and pre-defined reports and correlations
• Conduct Rapid Investigations: use ad-hoc search and static, dynamic and visual correlations to detect malicious activities
• Handle Multi-step Investigations: trace activities associated with compromised systems and apply the kill-chain methodology to see the attack lifecycle
Splunk ES is a premium security solution that requires a paid license.