There's An App for That: Splunk Security Essentials

Your organization has just installed Splunk Enterprise and you and your security team are excited to get started with it, but now what? What's your next step? Where do you start looking? What security use cases make sense for your environment?

How do you search your data within Splunk to find answers to those tough security questions?

Have no fear - Splunk Security Essentials is here! Detect insiders and advanced attackers in your environment with the free Splunk Security Essentials app. This app uses Splunk Enterprise and the power of our Search Processing Language (SPL) to showcase 55+ working examples of anomaly detection related to User Entity Behavior Analysis (UEBA). Each use case includes sample data and actionable searches that can immediately be put to use in your environment.

The use cases leverage analytics to help analysts detect unusual activities, such as users who print more pages than usual (spike detection) or log on to new servers (first seen behavior), see when adversaries change file names to evade detection, and more. Each use case includes the expected alert volume, an explanation of how the search works, and a description of the security impact. You can also save searches directly from the app and use any alert actions you have installed, such as creating a Notable Event or Risk Indicator in ES, an External Alarm in UBA, or sending email for review.

Join us for a live demo and an in-depth look into the Splunk Security Essentials app and see how it can jump-start your security team's ability to:
  • Use Splunk
  • Drive greater Splunk adoption through your enterprise
  • Enhance your organization's overall security posture
© 2019 Carahsoft Technology Corp.
11493 Sunset Hills Road
Reston, Virginia  20190
www.carahsoft.com
T: 703.871.8500  |  F: 703.871.8505