Splunk Enterprise Security

What is the difference between Splunk Enterprise and Splunk Enterprise Security ?

neermine
Path Finder

hii i'm new at Splunk and i want to know the difference between Splunk and Splunk security. I know that Splunk Enterprise Security is an app which is installed on Splunk Enterprise, but i want to know what can it do that Splunk can't? Why would i use Splunk security ?
i want a simple explanation please
thanks.

0 Karma
1 Solution

johnvr
Path Finder

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

View solution in original post

lkutch_splunk
Splunk Employee
Splunk Employee

Splunk platform includes, for example: Splunk Enterprise, Splunk Cloud, etc. 

Splunk apps include, for example: Splunk Enterprise Security, Splunk IT Service Intelligence, etc. 

0 Karma

johnvr
Path Finder

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

sudosplunk
Motivator

My two cents,

In short, Splunk Enterprise is a software and Splunk Enterprise Security is an application.

Splunk ES is a Splunk premium app that contains a collection of add-ons (DA's - Domain add-ons, TA's - Technology add-ons, and SA's - Supporting add-ons). ES inherits knowledge objects provided by the add-ons included in the Splunk Enterprise Security package.
In combination, these add-ons provide the dashboards, searches, and tools that summarize the security posture of the enterprise, allowing users to monitor and act on security incidents and intelligence.

You can find more details about ES features here.

While splunk enterprise is a software where you will install ES.

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...