Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the difference between Splunk Enterprise and Splunk Enterprise Security ?

neermine
Path Finder
‎08-29-2018 05:03 AM

hii i'm new at Splunk and i want to know the difference between Splunk and Splunk security. I know that Splunk Enterprise Security is an app which is installed on Splunk Enterprise, but i want to know what can it do that Splunk can't? Why would i use Splunk security ?
i want a simple explanation please
thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johnvr
Path Finder
‎08-30-2018 08:09 PM

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

View solution in original post

Reply
Solved! Jump to solution

lkutch_splunk
Splunk Employee
Splunk Employee
‎11-13-2020 11:26 AM

Splunk platform includes, for example: Splunk Enterprise, Splunk Cloud, etc. 

Splunk apps include, for example: Splunk Enterprise Security, Splunk IT Service Intelligence, etc. 

0 Karma
Reply
Solved! Jump to solution
Solution

johnvr
Path Finder
‎08-30-2018 08:09 PM

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

Reply
Solved! Jump to solution

sudosplunk
Motivator
‎08-29-2018 05:27 AM

My two cents,

In short, Splunk Enterprise is a software and Splunk Enterprise Security is an application.

Splunk ES is a Splunk premium app that contains a collection of add-ons (DA's - Domain add-ons, TA's - Technology add-ons, and SA's - Supporting add-ons). ES inherits knowledge objects provided by the add-ons included in the Splunk Enterprise Security package.
In combination, these add-ons provide the dashboards, searches, and tools that summarize the security posture of the enterprise, allowing users to monitor and act on security incidents and intelligence.

You can find more details about ES features here.

While splunk enterprise is a software where you will install ES.

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...