Use cases in Splunk Enterprise Security Editions
This topic describes the use cases addressed by each Splunk Enterprise Security edition, and which capabilities differ between the Essentials and Premier editions.
| Use case | Splunk Enterprise Security Essentials (General Availability) | Splunk Enterprise Security Premier (General Availability) |
|---|---|---|
| Security monitoring | Get a unified view across all environments for clearer threat visibility and faster, data-driven response. | Get a unified view across all environments for clearer threat visibility and faster, data-driven response. |
| Threat detection | Tackle known and unknown threats with a range of detections (correlation, rule-based, AI/ML, and custom). | Tackle known and unknown threats with a range of detections (correlation, rule-based, AI/ML, and custom). |
| Threat investigation | Use the unified Mission Control interface to rapidly analyze, identify, and investigate threats for an effective response. | Accelerate investigation with automated playbooks in Splunk Enterprise Security. |
| Threat hunting | Use findings and searches to identify malicious activity and mitigate attacks before they escalate. | Enhance threat hunting with UEBA's ML-driven behavioral insights, and accelerate evidence gathering and response with one-click automated runbooks. |
| Automation | Use one-time Adaptive Response actions for basic orchestration, or integrate with a SOAR product for full-spectrum automation. | Accelerate response time, minimize human error, and ensure consistent enforcement of security policies. |
| Insider threat detection | Requires manual implementation or integration with a separate product. | Mitigate insider threats using out-of-the-box (OOTB), proven, and scalable ML behavioral detections that are fully integrated into investigation workflows. |