Splunk Enterprise Security Editions 

Enterprise Security (ES) Editions is a unified platform for threat detection, investigation, and response — seamlessly integrated with agentic AI, SOAR, UEBA, and the market-leading SIEM.

Stop letting SOC challenges hold you back

Data shows what obstacles SOC teams are up against — and why it’s time for a more effective threat detection, investigation, and response (TDIR) solution.

Evolving risk: 46% of SOC team members say that alerts lack sufficient context in their workflow.

Complex workflows: 59% spend too much time or effort maintaining tools and associated workflows.

Skills gap: 53% of organizations report that their SOC does not have the expertise to create effective detections.


Get one platform — for all your SOC needs

Gain broad visibility and advanced threat detection

ES Editions helps security teams manage, search, and analyze data across every domain, cloud, and device. With broad visibility, AI-driven detection, and AI-powered alert prioritization, SOC teams can focus on true positives and respond fast to high-fidelity alerts.

Unify TDIR into one security operations platform

Eliminate silos and context switches with an end-to-end platform that integrates detection, investigation, and response. ES Editions centralizes SOC workflows, streamlining every phase from detection to remediation — all within a single, intuitive workspace.

Detect insider threats and zero-day attacks with UEBA

ES Editions uses machine learning-driven user and entity behavior analytics (UEBA) to identify anomalies and behavioral changes, so that your team can mitigate compromised accounts and assets.

Leverage SOC-wide automation and contextual enrichment

Empower each SOC member to leverage automation with SOAR and automatic threat enrichment. Streamline investigations, use response plans to remove guesswork, and ensure consistent response.

Supercharge every analyst with AI-driven workflows

Equip every analyst with AI to minimize manual effort, accelerate investigations, and respond faster using natural language queries, guided workflows, instant summaries, and automated reports.

Deploy detections with confidence for faster mean-time-to-detect

Detection Studio* provides a complete detection lifecycle experience that lets engineers test, deploy, and monitor detections in one place. Measure and improve your detection coverage as mapped to the MITRE ATT&CK® framework, so that your team can keep pace with evolving TTPs and act quickly on detection gaps.

*In Alpha where available

Dive into more ES Editions’ features

Risk-Based Alerting (RBA)

Accelerate threat detection and prioritize response

Enhance your SOC’s productivity with high-fidelity threat detection, reducing your alert volume by up to 90%. RBA increases true positive rates and ensures your team can focus on the most important threats.

Threat Intelligence Management

Obtain actionable intelligence and context, with normalized scores derived from centralized, enriched data, to detect, prioritize, and investigate security events.

UEBA risk and detection tuning

Tune machine learning and user behavior models to reflect your specific processes, policies, assets, user roles, and operational functions, improving your ability to detect and mitigate insider and advanced threats.

AI Assistant

Get instant, tailored investigation guidance, simplified query creation, clear summaries, and automated reports, empowering every analyst with a workflow-integrated AI assistant.*

*Controlled availability where available

Data Management and Federation

Get borderless data visibility with advanced management features such as Federated Search and Federated Analytics, while optimizing costs for security use cases and enabling the SOC to detect, investigate, and respond to threats faster than ever before.

Enterprise Security (ES) Editions’ purchasing options

Editions: ES Essentials and ES Premier

What’s included

Security monitoring

Monitor across on-prem, hybrid, and multi-cloud in real time to spot threats early and reduce risk.

Threat detection

Detect threats quickly and accurately with RBA and Detection Studio to get real-time monitoring, advanced analytics, and threat intelligence.

Threat investigation

Uncover the details of any threat using an integrated platform that combines advanced search, correlation, and analytics to enable collaboration, efficient workflows, and rapid response.

Automation

Automate tasks, orchestrate workflows, and run customizable playbooks with SOAR available to every analyst.

Threat hunting

Leverage powerful search, correlation, analytics, and threat intelligence enrichment to uncover hidden and emerging threats.

Insider threat detection

Spot insider threats early with real-time monitoring and advanced machine learning to flag anomalies, and trigger high-fidelity alerts.

Frequently asked questions

ES Editions is an integrated threat detection, investigation, and response (TDIR) platform that streamlines security workflows into a unified experience. It integrates capabilities like security information and event management (SIEM), agentic AI and SOAR for automation, UEBA, and AI/ML for improving detection accuracy and response speed.

By bringing these capabilities into a single interface, ES Editions reduces inefficiencies, eliminates tool silos, and ensures that SOC teams can detect, investigate, and respond to threats more effectively.