Splunk is one of the most popular and time-tested SIEM solutions on the market at the time of writing. It is trusted by more than 15,000 customers worldwide for the protection of CIs. In this section, we will review some of the features Splunk offers for security monitoring and alerting.
A high-level overview of the Splunk platform is depicted in the following visual:
Figure 11.11 Overview of the Splunk platform
Splunk as a platform provides a range of sub-products, each catering to specific organizational needs. In the context of this chapter, let us review the high-level features of Splunk Enterprise Security and Splunk Light.
Splunk Enterprise Security is a comprehensive suite that takes a holistic view of enterprise security. It improves security operations by reducing the time to action, makes machine data available for end-to-end visualization through interactive dashboards, and leverages machine learning and AI to train predictive models for preventive security measures.