Splunk Enterprise Security

What is the difference between Splunk Enterprise and Splunk Enterprise Security?

neermine
Path Finder

Hi, I'm new to Splunk and I want to know the difference between Splunk and Splunk security. I know that Splunk Enterprise Security is an app which is installed on Splunk Enterprise, but I want to know what it can do that Splunk can't. Why would I use Splunk security?
I want a simple explanation, please.
Thanks.

0 Karma
1 Solution

johnvr
Path Finder

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.


lkutch_splunk
Splunk Employee

Splunk platform includes, for example: Splunk Enterprise, Splunk Cloud, etc. 

Splunk apps include, for example: Splunk Enterprise Security, Splunk IT Service Intelligence, etc. 

0 Karma

sudosplunk
Motivator

My two cents,

In short, Splunk Enterprise is software and Splunk Enterprise Security is an application.

Splunk ES is a Splunk premium app that contains a collection of add-ons (DAs - Domain add-ons, TAs - Technology add-ons, and SAs - Supporting add-ons). ES inherits knowledge objects provided by the add-ons included in the Splunk Enterprise Security package.
In combination, these add-ons provide the dashboards, searches, and tools that summarize the security posture of the enterprise, allowing users to monitor and act on security incidents and intelligence.

You can find more details about ES features here.

Splunk Enterprise, meanwhile, is the software on which you will install ES.
