Use Case definitions

Splunk Enterprise Rapid Adoption Packages Introduction

For organizations with specific IT Operations and Security challenges, Splunk’s new Enterprise Rapid Adoption Packages provide the industry’s leading solution to solve challenges with the shortest time to value and most effective deployment cost. Unlike competitors, Splunk Enterprise Rapid Adoption Packages will allow customers to cost-effectively license additional Rapid Adoption Packages to solve a broad set of challenges typically found in smaller or departmental IT and security environments.

  • Splunk Enterprise Rapid Adoption Packages accelerate customers' time to value (TTV) with Splunk by providing pre-defined roadmaps to solve specific IT Operations and Security challenges.
  • Splunk and our partners provide a complete roadmap of cost-effective services to ensure customer success in solving their targeted problems.
  • Splunk Enterprise Velocity Package-based licensing allows customers to rapidly resolve problems without the need to monitor their data ingest capacity.
  • The Splunk Enterprise Velocity Package licensing allows organizations of all sizes with specific IT Operations and Security challenges to deploy Splunk cost-effectively.
  • Customers can deploy Splunk Enterprise Rapid Adoption Packages with the confidence of knowing Splunk is the leading provider of solutions in both the Security Software and IT Operations software categories according to Gartner and IDC.
  • Users can easily expand and add new Splunk Enterprise Rapid Adoption Packages or upgrade to Enterprise Splunk from any Splunk Enterprise Velocity Package.

Splunk use case videos give users a practical approach to investigating and solving specific problems within their networks. These videos are particularly helpful to beginner and intermediate users, giving them actionable examples that they can start using today. Link: https://youtube.com/playlist

 

Storage Management Package

The Splunk Storage Management Package addresses key issues with data storage in IT Operations environments. This module provides useful monitoring of tiered storage across different vendors where native tools fail to provide sufficient information to storage administrators. This package helps storage administrators with troubleshooting, performance management and capacity planning regardless of storage vendor or type.

The Use Cases supported in the Splunk Storage Management Package include:

  • Log Volume Trending
  • Storage I/O Latency
  • Disk Utilization
  • Storage Speed I/O Utilization by Host

Network Management Package

The Splunk Network Management Package addresses key issues with data networks in IT Operations environments. This module provides useful monitoring of tiered storage across different vendors when native tools fail to provide sufficient information to storage administrators. This package helps storage administrators with troubleshooting, performance management and capacity planning.

The Use Cases supported in the Splunk Network Management Package include:

  • Wire Data for Application Management
  • Log Volume Trending
  • Network Utilization
  • TOR Traffic

Server Management Package

The Splunk Server Management Package monitors performance characteristics of servers, applications and IT infrastructure. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Server Management Package include:

  • Memory Measurement by Host
  • Log Volume Trending
  • Processor Level CPU Utilization
  • Server Error Identification
  • New Local Administrator Account Identification
  • Multiple Host Infection
  • New Administrator Accounts
  • Domain Controller Authentication
  • New Services Account
  • Recurring Host Infection
  • Local User Credentials

Application Management Package

The Splunk Application Management Package monitors performance characteristics of enterprise applications, purpose-built code-streams, and IT infrastructure support. This module provides a comprehensive set of monitoring tools for a variety of IT applications and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Application Management Package include:

  • Wire Data for Application Management
  • Memory Measurement by Host
  • Log Volume Trending
  • Storage I/O Latency
  • Processor Level CPU Utilization
  • Storage Speed I/O Utilization by Host

Web Management Package

The Splunk Web Management Package monitors performance characteristics of webservers, internet applications and network infrastructure supporting internal and external web platforms. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Web Management Package include:

  • Slow Web Page Identification
  • Web Page Users by Country Identification
  • Large Web Uploads
  • New Administrator Accounts
  • Increased Host Logins
  • New Services Account

Basic Security Monitoring Package

The Splunk Basic Security Monitoring Package monitors security events of internal IT infrastructure. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms, and providing proactive security alerting and real-time visualizations.

The Use Cases supported in the Splunk Basic Security Monitoring Package include:

  • Basic Brute Force Detection
  • Basic Malware Outbreak
  • Basic Scanning
  • Endpoint Uncleaned Malware Detection
  • Multiple Infections on Host
  • Recurring Infections on Host
  • User Login with Local Credentials

Compliance Package

The Splunk Compliance Package monitors comprehensive events of internal IT infrastructure to ensure compliance. This module provides a set of security and compliance monitoring tools supporting a variety of IT vendors and platforms. The module also provides compliance reporting and can be configured for specialized compliance alerts.

The Use Cases supported in the Splunk Compliance Package include:

  • Access to In-scope Resources
  • Access to In-scope Resources Unencrypted
  • Endpoint Uncleaned Malware Detection
  • New Local Administrator Account

Insider Threat Package

The Splunk Insider Threat Package monitors potential insider threat security events in IT infrastructures. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms. It also provides proactive security alerting for potential insider threats.

The Use Cases supported in the Splunk Insider Threat Package include:

  • Flight Risk Web Browsing
  • Large Web Uploads
  • Source-based High Volume of DNS Traffic
  • User Login with Local Credentials
  • Local User Credentials

Advanced Threat Detection Package

The Splunk Advanced Threat Detection Package monitors potential threats in a variety of IT contexts. This module provides an advanced set of security monitoring tools supporting a variety of IT vendors and platforms. It also provides proactive security alerting for advanced threats.

The Use Cases supported in the Splunk Advanced Threat Detection Package include:

  • New Domain Controller Authentication
  • Basic TOR Traffic Detection
  • Increased Number of Host Logins
  • New Interactive Login from a Service Account
  • New Local Administrator Account Identification
  • Windows Event Log Clearing

License Limitation:
  • Maximum Daily Index Volume permitted: 25GB (regardless of number of use cases)
  • Deployment type: Limited to a single instance deployment
  • Not stackable with other Splunk licenses