Splunk Enterprise Security is a premium app for the Splunk platform that addresses SIEM use cases by providing insight into machine data from security sources. The app includes prepackaged dashboards, correlations, and incident response workflows to help security teams analyze and respond to their network, endpoint, access, malware, vulnerability, and identity information. For admin and user documentation about Splunk Enterprise Security, see Splunk Enterprise Security in the Splunk documentation.
Other apps and add-ons can provide additional data, knowledge management, and operational intelligence to Splunk Enterprise Security for specific technologies or use cases. They do so through a set of five frameworks that implement the functional areas of Splunk Enterprise Security: the Notable Event framework, the Asset and Identity framework, the Threat Intelligence framework, the Risk Analysis framework, and the Adaptive Response framework. Together, the frameworks support the monitoring and alerting content packaged within Splunk Enterprise Security, as well as external content provided by other security apps. As a developer, you can integrate with these frameworks to deliver your own custom content to users of Splunk Enterprise Security.
The frameworks, in combination with other supporting components, form a functional layer in the architecture of Splunk Enterprise Security. The framework layer depends on the Splunk platform and several add-ons that provide data and knowledge management. In turn, the framework layer supports the Splunk Enterprise Security content that provides monitoring and alerting capabilities to users.
These frameworks are not packaged as separate, self-contained components within the Splunk Enterprise Security folder structure. Instead, their code and integration points are spread across a number of related supporting and domain add-ons bundled with the Splunk Enterprise Security app.
Because the interrelationships among these add-ons are complex, follow the best practices in this guide to build integrations that tolerate upgrades and changes to the frameworks and the functionality they support. In practice this means keeping your own content in a separate app and calling into the frameworks through their documented integration points, rather than editing the bundled add-ons, whose contents an upgrade of Splunk Enterprise Security replaces. For more information about the solution architecture, see About the Enterprise Security solution architecture.
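The following script is an added example, not code from the Splunk documentation or from Splunk Enterprise Security itself. It audits a Splunk apps directory for configuration placed inside the add-ons that ship with Enterprise Security, which is the kind of upgrade-fragile integration the guidance above warns against. The check assumes the bundle's naming conventions (supporting add-ons prefixed SA-, domain add-ons prefixed DA-ESS-, and the main app SplunkEnterpriseSecuritySuite); the directory tree it scans is constructed in a temporary directory so the example runs offline.

```python
"""Audit a Splunk apps directory for customisations stored inside the add-ons
bundled with Splunk Enterprise Security (ES).

Splunk applies UI-driven and manual config changes under an app's local/
directory. When that app is one of the ES-bundled add-ons, the change lives
inside a package that an ES upgrade replaces, so it is the first place to look
for integrations that will not survive an upgrade cleanly.
"""
import tempfile
from pathlib import Path

# Assumed naming conventions for ES-bundled add-ons (a heuristic for this
# example, not an official list published by Splunk).
ES_BUNDLED_PREFIXES = ("SA-", "DA-ESS-")
ES_MAIN_APP = "SplunkEnterpriseSecuritySuite"


def is_es_bundled(app_name: str) -> bool:
    """True if an app directory name looks like part of the ES bundle."""
    return app_name == ES_MAIN_APP or app_name.startswith(ES_BUNDLED_PREFIXES)


def find_customisations(apps_dir) -> list:
    """Return 'app/local/...' paths for every file under local/ of an
    ES-bundled add-on, sorted by app name then path. Files in apps that are
    not part of the bundle (including your own integration app) are ignored,
    because that is where custom content is supposed to live."""
    apps_dir = Path(apps_dir)
    findings = []
    for app in sorted(p for p in apps_dir.iterdir() if p.is_dir()):
        if not is_es_bundled(app.name):
            continue
        local = app / "local"
        if not local.is_dir():
            continue
        for f in sorted(local.rglob("*")):
            if f.is_file():
                findings.append(f.relative_to(apps_dir).as_posix())
    return findings


def build_sample_tree(root) -> None:
    """Construct a small, fictional apps directory for demonstration.
    The add-on names mirror the ES bundle layout; the files are invented."""
    layout = {
        # Bundled add-on with a correlation search edited in place: flagged.
        "SA-ThreatIntelligence/default/app.conf": "[launcher]\n",
        "SA-ThreatIntelligence/local/savedsearches.conf": "[My Search]\n",
        # Bundled domain add-on left untouched: not flagged.
        "DA-ESS-NetworkProtection/default/app.conf": "[launcher]\n",
        # Main ES app with a local input added: flagged.
        "SplunkEnterpriseSecuritySuite/local/inputs.conf": "[script://x]\n",
        # A separate integration app holding custom content: not flagged.
        "my_custom_es_content/local/savedsearches.conf": "[Custom]\n",
        # An unrelated technology add-on: not flagged.
        "Splunk_TA_nix/local/inputs.conf": "[monitor:///var/log]\n",
    }
    for rel, body in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)


def audit_sample() -> list:
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_customisations(tmp)


if __name__ == "__main__":
    for finding in audit_sample():
        print("customisation inside ES bundle:", finding)
```

Run it against a real installation by calling find_customisations on $SPLUNK_HOME/etc/apps; any path it reports is content that should be moved into your own app before the next Enterprise Security upgrade.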
Ready to start building your own integration? See Planning your integration for ES.