Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the difference between Splunk Enterprise and Splunk Enterprise Security ?

neermine
Path Finder
‎08-29-2018 05:03 AM

hii i'm new at Splunk and i want to know the difference between Splunk and Splunk security. I know that Splunk Enterprise Security is an app which is installed on Splunk Enterprise, but i want to know what can it do that Splunk can't? Why would i use Splunk security ?
i want a simple explanation please
thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johnvr
Path Finder
‎08-30-2018 08:09 PM

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

View solution in original post

Reply
Solved! Jump to solution

lkutch_splunk
Splunk Employee
Splunk Employee
‎11-13-2020 11:26 AM

Splunk platform includes, for example: Splunk Enterprise, Splunk Cloud, etc. 

Splunk apps include, for example: Splunk Enterprise Security, Splunk IT Service Intelligence, etc. 

0 Karma
Reply
Solved! Jump to solution
Solution

johnvr
Path Finder
‎08-30-2018 08:09 PM

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.

Reply
Solved! Jump to solution

sudosplunk
Motivator
‎08-29-2018 05:27 AM

My two cents,

In short, Splunk Enterprise is a software and Splunk Enterprise Security is an application.

Splunk ES is a Splunk premium app that contains a collection of add-ons (DA's - Domain add-ons, TA's - Technology add-ons, and SA's - Supporting add-ons). ES inherits knowledge objects provided by the add-ons included in the Splunk Enterprise Security package.
In combination, these add-ons provide the dashboards, searches, and tools that summarize the security posture of the enterprise, allowing users to monitor and act on security incidents and intelligence.

You can find more details about ES features here.

While splunk enterprise is a software where you will install ES.

Reply
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...