Splunk Enterprise Security

What is the difference between Splunk Enterprise & Splunk Enterprise Security and which one shall I implement in my 24/7/365 monitoring SOC?

mailmetoramu
Explorer

Hi all,

Can anyone let me know the difference between Splunk Enterprise & Splunk Enterprise Security? Are they both the same?

If so both are different in case, what exactly the functions of each & which one shall I implement in my 24/7/365 monitoring SOC?

Thanks,

Ramu.R

0 Karma
1 Solution

p_gurav
Champion

Splunk enterprise is platform and splunk enterprise security is licensed application sits on top of splunk. For using enterprise security you need to install splunk first and then import the application.

View solution in original post

0 Karma

Akashnickyz
New Member

Splunk enterprise is the is the platfrom which u have to install in order to install the security enterpricse on top of it ......!!!!!! or else we can just say like its an app from Splunk enterprise wch can be installed for the security purposes which is the paid version always ....!!!!!

0 Karma

deepashri_123
Motivator

Hey@mailmetoramu,

Splunk Enterprise Security is a paid app which is installed on Splunk Enterprise.For implementation purpose you need to contact Splunk with your exact requirement for further guidance.
Refer this link:
https://splunkbase.splunk.com/app/263/
https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security/features.html

Let me know if this helps!!

0 Karma

emuganhwa
New Member

Hi, can you drop me a download link for the Enterprise security app?
I have the enterprise license.......just wanna try it out.
email is emuganhwa@gmail.com

0 Karma

mailmetoramu
Explorer

Already i bought a paid app, so the validity & license of my splunk enterprise will be as same as splunk Enterprise security ??

0 Karma

deepashri_123
Motivator

Splunk Enterprise Security app license has to be purchased seperately along with Splunk Enterprise and the validity and license you can check in your licensing section on Splunk.

0 Karma

mailmetoramu
Explorer

Deepashri,

1) Splunk Enterprise - No Enforcement (6.5+)

2) Splunk Enterprise

In above, First one is splunk enterprise 6.5 & second is splunk enterprise security, right ??

0 Karma

p_gurav
Champion

oops!! sorry no, First one is special key comes with splunk (you can read further overhttps://docs.splunk.com/Documentation/Splunk/latest/Admin/TypesofSplunklicenses#No-enforcement_license ) and second is free license.

0 Karma

mailmetoramu
Explorer

So i can download the free version of splunk enterprise 6.5+ versions only ??

0 Karma

p_gurav
Champion

Yes, and if you want to buy license for both contact splunk sales or support

0 Karma

mailmetoramu
Explorer

Great, Thank You ..!!

0 Karma

p_gurav
Champion

If splunk license expires, It will stop searching that means the app UI is not working. Please contact splunk support or splunk sales, they will guide you with implementation.

0 Karma

p_gurav
Champion

Splunk enterprise is platform and splunk enterprise security is licensed application sits on top of splunk. For using enterprise security you need to install splunk first and then import the application.

0 Karma

mailmetoramu
Explorer

So you mean to say, first i should install splunk enterprise in my laptop, get the GUI first.

Then install the splunk enterprise security app from the GUI ??

0 Karma

p_gurav
Champion

Yes. You can install splunk with free license on your laptop. But for Enterprise security application is a paid application which only works with enterprise license . If required you can contact splunk support.

0 Karma

mailmetoramu
Explorer

Thats ok, the free version is only for 60 days but i bought splunk enterprise security which is licensed one.

So what will happen to my paid app once my trial period of splunk enterprise expires ??

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

I hope youre not running your 24x7 SOC off your laptop.

If you have a enablement license, as in you have purchased Splunk Enterprise and Enterprise Security, you will need to install the provided license files (that your sales representative sends to you) on your License Master Instance.

Your best place to start is at the documentation for Enterpise Security. Read from here : https://docs.splunk.com/Documentation/ES/5.0.0/Install/InstallEnterpriseSecurity

0 Karma
Get Updates on the Splunk Community!

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...

Thank You for Celebrating CX Day with Splunk!

Yesterday the entire team at Splunk + Cisco joined the global celebration of CX Day - celebrating our ...