Hi everyone! Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel) 

Q1: What is the major difference between ES Essentials and ES Premier?

A:  

Q2:  At the time of installing and configuring both versions, are there any differences?

A:  This is somewhat of a nuanced answer. TL;DR: No.

That said, since ES Premier enables unlimited SOAR seats and UEBA functionality, there are configuration considerations that apply to those products and features.

• For example, with SOAR, you'll want to link the SOAR instance to ES in the ES configuration settings.
• For UEBA, since UEBA is an integrated feature of ES, there are no special installation considerations, beyond ensuring you've onboarded the data that UEBA feeds on, and the usual ES frameworks like Assets and Identities are populating.
• That said, there are different considerations for Customer Managed Platform(CMP), aka on-prem deployments of UEBA. For example, you can download and install the UEBA Content App to extend the functions of UEBA and access more behavior-based detections.

Q3:  We just purchased ES Essentials. What should we consider when deciding whether to upgrade to Premier? How can we maximize the value of our investment?

A:  Either Edition of Splunk Enterprise Security is a phenomenal investment.

Considerations for Premier include Insider Risk Use Cases (UEBA) and the force multiplication that unlimited SOAR seats brings to your ability to automate your security, AND IT operations.

In addition, while forward-looking statements apply here, what we want is for Premier customers to have a "seat at the table" for all the amazing innovation we have planned for the future.

More news on that front will be coming shortly, maybe as soon as at RSAC. 😉