Additional resources

Use the following resources for more information on Splunk Enterprise Security and risk-based alerting:

Splunk RBA community

The Splunk RBA Community, developed by Outpost Security, is amazing and full of very active members who are supportive of new users. You can sign up for the RBA Community Slack channel to ask questions on risk-based alerting, identify best practices, and interact with the community of users. See the RBA community Slack channel.

Additionally, you can search for solutions or ask questions on Splunk Answers, connect with helpful and fun Splunk enthusiasts through chat groups, or meet users in your local area at User Groups near you. The Community portal has everything you need to discover how to set yourself up for success with the Splunk Community.

Splunk Enterprise Security documentation

Splunk Enterprise Security has a wide range of documentation, including tutorials, scenarios, and manuals for administrators, developers, and users.

See Splunk Enterprise Security Documentation site.

The essential guide to risk-based alerting

See The essential guide to risk-based alerting. This 58-page guide takes you on a step-by-step maturity journey to a successful RBA implementation with high-level explanation and hands-on examples.

Quick references

For more information on deployment planning, installation, upgrade, and configuration, see the product documentation:

To learn more about validating ingested data so that alerting is easier and more consistent, use the Common Information Model (CIM) add-on:

Overview of the Splunk Common Information Model

Send us feedback

At the bottom of every page of Splunk documentation is a quick form that you can use to send us feedback.