Use cases in Splunk Enterprise Security Editions
The following table lists the use cases available in each Enterprise Security edition. An empty Premier cell means the edition provides the same capability as Essentials for that use case.
Use case | Enterprise Security Essentials (General Availability) | Enterprise Security Premier (Controlled Availability) |
---|---|---|
Security monitoring | Get a unified view across all environments for clearer threat visibility and faster, data-driven response | |
Threat detection | Tackle known and unknown threats with a range of detections (correlation, rule-based, AI/ML, and custom) | |
Threat investigation | Use the unified Mission Control interface to rapidly analyze, identify, and investigate threats for an effective response | Accelerate investigation through automated playbooks in Splunk Enterprise Security |
Threat hunting | Use findings and searches to identify malicious activity and mitigate attacks before they escalate | Enhance threat hunting with the ML-driven behavioral insights of UEBA (user and entity behavior analytics), and accelerate evidence gathering and response with one-click automated runbooks |
Automation | Use one-time Adaptive Response actions for basic orchestration, or integrate with a SOAR product for full-spectrum automation | Accelerate response time, minimize human error, and ensure consistent enforcement of security policies |
Insider threat detection | Requires manual implementation or integration with a separate product | Mitigate insider threats using out-of-the-box (OOTB), proven, and scalable ML behavioral detections, fully integrated into investigation workflows |