Learn Security

If you’re new to security itself, it can be difficult to even understand the content recommendations being made. This guide points you to the content that has the best written explanations and documentation, targeted specifically at people who are just getting started.


Security Contents Page

The Security Contents Page is the main landing page for Splunk Security Essentials, providing a complete list of content and the ability to drill down into any individual item. It’s the starting point for viewing all content in the app, and it has a wealth of filters to help you home in on exactly what you want.

  1. We’ve provided an introduction for this page and a detailed description of the Security Journey Stages listed below. To get the full details, just click “Show all lines”.

  2. Use the filters below to find the capabilities most relevant to you. For example, if you’re just starting out with Splunk for security and want to know where to begin, you might opt to view all featured Stage 1 searches.

  3. Focus on a specific business concern: you can opt to select Stage 6 (all the Splunk content)…

  4. Drill down: Focus on a single issue, like Insider Threat.

  5. Filter on specific data sources you already have in Splunk. For example, see some detections you can deploy immediately by filtering on a specific data source, such as “Email Logs”.

  6. To find and focus on exactly the examples you want, adjust the filters by clicking the menu icon. Don’t worry: all the settings you configure are retained every time you open the page in this browser.

  7. Splunk Security Essentials is not about the filters; it’s about the examples that help with your specific use cases. Scroll down to see which examples match the filters you’ve configured and how to start getting value from Splunk.

  8. Each example gives you a brief description, tells you the required log sources, and lists any MITRE ATT&CK or Kill Chain phase mappings.

  9. Click into an example to get more detail. For the examples that only need Splunk Enterprise, you’ll also be able to view the full search string along with detailed documentation. That’s it for this tour! Start exploring the examples and see how to get the most from your data with Splunk.

Other Recommendations

Security Data Journey

Splunk’s security experts analyzed the typical path that customers take through their Splunk journey and organized it into six maturity stages. These will help you understand what data to ingest when, and what challenges and milestones organizations typically face as they move forward.

  1. The Security Data Journey walks you through the path that we typically see newer customers take as they mature. It details each stage with its milestones and common challenges.

  2. The Journey also includes the data sources that we commonly see at each stage for users pursuing security monitoring.

  3. Drag the slider bar on the right side to view the details for the other stages of the Journey.

  4. All of the content in Splunk Security Essentials is oriented toward this journey, so if you’re just getting started you can limit yourself to Stage 1 content.