Splunk Enterprise Security

What is the difference between Splunk Enterprise and Splunk Enterprise Security?

neermine
Path Finder

Hi, I'm new at Splunk and I want to know the difference between Splunk and Splunk security. I know that Splunk Enterprise Security is an app which is installed on Splunk Enterprise, but I want to know what it can do that Splunk can't. Why would I use Splunk security?
I want a simple explanation, please.
Thanks.


johnvr
Path Finder

Splunk Enterprise is just the full name of "Splunk" - Enterprise Security is a premium suite of apps (see: additional licensing cost) that enriches, normalizes, accelerates, and - with great sex appeal - displays data for infosec purposes.

Another way to say it - Splunk is a data analytics platform, Enterprise Security (ES) is a SIEM built onto it.


lkutch_splunk
Splunk Employee

Splunk platform includes, for example: Splunk Enterprise, Splunk Cloud, etc. 

Splunk apps include, for example: Splunk Enterprise Security, Splunk IT Service Intelligence, etc. 


sudosplunk
Motivator

My two cents,

In short, Splunk Enterprise is software and Splunk Enterprise Security is an application.

Splunk ES is a Splunk premium app that contains a collection of add-ons (DAs - Domain add-ons, TAs - Technology add-ons, and SAs - Supporting add-ons). ES inherits knowledge objects provided by the add-ons included in the Splunk Enterprise Security package.
In combination, these add-ons provide the dashboards, searches, and tools that summarize the security posture of the enterprise, allowing users to monitor and act on security incidents and intelligence.

You can find more details about ES features here.

Splunk Enterprise, meanwhile, is the software on which you will install ES.
