Splunk Enterprise Security Features

Diagnose and resolve incidents without the need for human interaction.

Guide users through the resolution process and give specific instructions to remedy individual occurrences.

Cuts off network connection or temporarily inactivate applications until incidents are remedied.

Gathers information related to threats in order to gain further information on remedies.

Analyzes incidents, correlates related events, and determines the scope and impact of attacks.

Information on each incident is stored in databases for user reference and analytics.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Ability to track incidents, tasks, evidence, and investigation progress within a structured case.

Administrators can organize workflows to guide remedies to specific situations incident types.

Documents the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Keeps records of each network asset and its activity. Discovers new assets accessing the network.

Provides security information and stores the data in a secure repository for reference.

Alerts users of incidents and allows users to intervene manually or triggers an automated response.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Documents cases of abnormal activity and compromised systems.

Stores information related to common threats and how to resolve them once incidents occur.

Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.

Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.

Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Detect and link suspicious activities across systems in real time.

Identify and dismiss non‑threats through intelligent pattern recognition.

Reduce noise by automatically evaluating and prioritizing alerts based on risk and context.

Investigate alerts end‑to‑end, gathering evidence and building incident timelines.

Enrich cases with data from SIEM, EDR, cloud, identity, and threat‑intel feeds.

Create visual maps of threat propagation and lateral movement through networks.

Allow SOC teams to query agents via natural language about ongoing cases.

Improve agent performance through adaptive learning from security team corrections.

Provide human‑readable reasoning trails and decision justifications.

Track and lower MTTD/MTTR/MTTC through autonomous reactions.

Adapt remediation actions without requiring static SOAR playbooks.

Execute predefined or adaptive responses (e.g., isolate endpoints, revoke credentials).