https://community.splunk.com/t5/Splunk-Enterprise/What-is-the-difference-between-Splunk-Enterprise-ITSI-SOAR-UBA/m-p/608317#M13537 <P>Hello,&nbsp;</P><P>I'm just having a bit of difficulty differentiating between&nbsp;Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things.&nbsp; Do they all work together? or would it be redundant to have all of these at the same time?</P> Thu, 04 Aug 2022 17:25:53 GMT thos13 2022-08-04T17:25:53Z https://community.splunk.com/t5/Splunk-Enterprise/What-is-the-difference-between-Splunk-Enterprise-ITSI-SOAR-UBA/m-p/608317#M13537 <P>Hello,&nbsp;</P><P>I'm just having a bit of difficulty differentiating between&nbsp;Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things.&nbsp; Do they all work together? or would it be redundant to have all of these at the same time?</P> Thu, 04 Aug 2022 17:25:53 GMT https://community.splunk.com/t5/Splunk-Enterprise/What-is-the-difference-between-Splunk-Enterprise-ITSI-SOAR-UBA/m-p/608317#M13537 thos13 2022-08-04T17:25:53Z https://community.splunk.com/t5/Splunk-Enterprise/What-is-the-difference-between-Splunk-Enterprise-ITSI-SOAR-UBA/m-p/608332#M13538 <P>It's a lot to digest and those are just a few of the products Splunk offers!</P><P>Splunk Enterprise is the core product most of us use when we use "Splunk".&nbsp; It's the tool that indexes your machine data and helps you search it and draw value from it.</P><P>ITSI (IT Service Intelligence) is an app that plugs into Splunk Enterprise.&nbsp; It helps companies monitor the services they offer and know when problems are about to occur.&nbsp; Since it's a plug-in, you must first have Splunk Enterprise before you can install and run ITSI.</P><P>Splunk Enterprise Security (ES) is like ITSI in that it's an add-on to Splunk Enterprise.&nbsp; This add-on is intended for a company's SOC (Security Operations Center) team and is often billed as a SIEM (Security Information and Event Management) tool.&nbsp; It identifies security incidents as they happen so the SOC and take action to correct them.&nbsp; ES includes features that allow SOC members to track the incidents they investigate and record their findings.&nbsp; Because it's an add-on like ITSI, ES works very closely with Splunk Enterprise.</P><P>SOAR (Security Orchestration, Automation and Response; originally called Phantom) is an independent product.&nbsp; SOAR allows a company to respond to events.&nbsp; For example, if ES detects an authorized access, SOAR might be configured to tell the network to block that access.&nbsp; Since SOAR is a separate product it does not require Splunk Enterprise, but the two can work together.</P><P>UBA (User Behavior Analytics) is another independent product.&nbsp; It monitors activity on a network and alerts when it notices "unusual" activity.&nbsp; An activity is considered "unusual" if it breaks the pattern UBA has noticed in the past (using machine learning).&nbsp; It, too, can work with Splunk Enterprise, but does not require it.</P> Thu, 04 Aug 2022 19:06:02 GMT https://community.splunk.com/t5/Splunk-Enterprise/What-is-the-difference-between-Splunk-Enterprise-ITSI-SOAR-UBA/m-p/608332#M13538 richgalloway 2022-08-04T19:06:02Z