Splunk Security Essentials

Splunk Security Essentials is the free Splunk app that makes security easier.


SSE's First Partner

Congratulations to Splunk Security Essentials' first integrated partner, Accedian! Add Accedian content to your app today.

Partners Page

About SSE

Splunk Security Essentials (SSE) shows available security content, explains how it works, and helps you deploy that content.

Below is a quick description of the app's four key goals: to help you find the right content, learn how to be successful, improve your deployment, and measure your success.


Attend the Two-Hour Hands-On Training at .conf!

Learn about the latest and greatest in SSE live at .conf from two of the authors -- David Veuve and Johan Bjerke!

.conf Website

Find the Best Content

The #1 goal of Splunk Security Essentials is to help you find the best content. SSE ships with 120+ correlation searches, spanning basic SIEM use cases through detection of advanced adversaries. Everything is mapped to the Kill Chain and MITRE ATT&CK. But we didn’t stop there! SSE also includes all of the content from Enterprise Security, ES Content Update, and User Behavior Analytics, mapped to the same frameworks and filters as everything else in the app. The Analytics Advisor shows gaps where you could immediately turn on detections for the data you already have. We even include a customized MITRE ATT&CK Matrix that overlays your active detections and the detections available to deploy with the data already onboard!

Try The App Before Installing

Try the Live Demo Environment

Learn Splunk for Security

Whether you’re new to Splunk or new to security, Splunk Security Essentials helps you get up to speed faster by providing useful information at the right time. The detections in the app include line-by-line SPL documentation that shows why each search command is used, and each detection includes context such as the security impact, how to implement it, how to respond when it fires, and known false positives.

See A Live Demo

Video Walkthrough

Improve Your Production Deployment

We built a variety of tools into SSE to help your deployment succeed. The app lets you understand your active security detections, whether they are out-of-the-box or custom content specific to your organization. The Data Introspection feature tracks what data is present in your environment and connects those products to the detections they enable. It even checks your CIM compliance!

Security personnel will benefit from live dashboards that flag unexpected data latency (powered by Splunk Machine Learning), and they will be able to find gaps by measuring their coverage against common frameworks like MITRE ATT&CK.
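Data latency matters for detection because a scheduled correlation search only sees events that have already been indexed when it runs; a feed that arrives late silently produces no alerts. As an added example (not the app's own dashboard search, which the page says uses Splunk Machine Learning), this search measures ingest lag per sourcetype with the built-in `_indextime` field and flags hours whose average lag sits more than three standard deviations above that sourcetype's own baseline. The `index=*` scope and the 3-sigma threshold are assumptions to tune for your environment:

```spl
index=* earliest=-24h
| eval lag_sec = _indextime - _time
| bin _time span=1h
| stats count AS events avg(lag_sec) AS avg_lag p95(lag_sec) AS p95_lag max(lag_sec) AS max_lag by sourcetype _time
| eventstats avg(avg_lag) AS baseline_lag stdev(avg_lag) AS lag_stdev by sourcetype
| where avg_lag > baseline_lag + 3 * lag_stdev
| sort - avg_lag
| table _time sourcetype events avg_lag p95_lag max_lag baseline_lag
```

A negative `lag_sec` indicates timestamps in the future (a clock or timestamp-extraction problem), which is worth a separate check; a sourcetype that disappears from the results entirely, rather than showing high lag, is a stopped feed and should be caught by comparing expected against observed sourcetypes, which is the gap the Data Introspection feature above is meant to cover.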

Finally, ES users will have faster investigations because SSE pushes MITRE ATT&CK Tactics, Techniques, and Technique Descriptions, alongside Kill Chain phases, into the Incident Review dashboard in ES. They can also analyze the ES Risk Framework to find users or systems with an unusually high level of risk or activity spanning multiple ATT&CK Tactics.
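The risk analysis described above comes down to aggregating the risk events that ES correlation searches write to the `risk` index. As an added example (not SSE's own search), this aggregates risk per object and surfaces objects that either accumulate a high score or trip detections across several distinct ATT&CK tactics, which is a stronger signal than any single alert. It assumes the standard ES risk index fields `risk_object`, `risk_object_type`, `risk_score`, and the `annotations.mitre_attack.mitre_tactic` annotation; the thresholds of 100 points and 3 tactics are illustrative:

```spl
index=risk earliest=-24h
| stats sum(risk_score) AS total_risk
        dc(source) AS distinct_rules
        dc(annotations.mitre_attack.mitre_tactic) AS distinct_tactics
        values(annotations.mitre_attack.mitre_tactic) AS tactics
        values(source) AS rules
        by risk_object risk_object_type
| where total_risk > 100 OR distinct_tactics >= 3
| sort - total_risk
| table risk_object risk_object_type total_risk distinct_rules distinct_tactics tactics rules
```

Counting distinct tactics rather than raw score keeps one noisy rule from dominating: an object hit by the same rule fifty times has `distinct_tactics=1`, while an object that shows Initial Access, Execution and Exfiltration in one day stands out even when each individual event scored low.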

Read the Essentials Guide

Download ebook

Measure Your Environment

For those of us more used to technical work, demonstrating the business value of security can be tricky. Splunk Security Essentials helps by enabling simple, audit-friendly reports on enabled correlation searches (including your custom content) and by tying bytes of data ingest to the detections they power. Some customers have used the MITRE ATT&CK Matrix to justify bringing on new data sources, and SSE has dashboards that specifically show how you could fill gaps by onboarding new data sources.

Splunk Security Essentials History

Splunk Security Essentials was built by Splunk's security practice team as a free tool to make our customers more powerful, regardless of their size, maturity, or what products they have.
