
Meet ES Helper

ES Helper is the purpose-built tool for getting Splunk Enterprise Security over the hump and actionable for Security Teams. Enterprise Security is a complex tool that takes all kinds of data to create its interesting visuals and track its notable events, but due to its complexity it can be off-putting to new or inexperienced Splunk Admins. ES Helper is here to bridge the gap and help them get a head start on utilizing an amazing security tool.

Where are we at?

Every action plan needs a starting place, and ES Helper figures that out for you with automation. With a set of interesting and complex searches, the Atlas Element analyzes your ES Deployment and gives out the ES Utilization Score.

This score immediately tells Splunk and ES Owners where they ‘are’ with their deployment, and what room they have to grow. It is supremely beneficial for tracking growth of the platform and analyzing how well you are utilizing your investment in security, and it simplifies the complex workflows of ES into a digestible format.

What’s next?

After gaining perspective on the status of the Enterprise Security deployment with the ES Utilization Score, the next logical question is to ask how to improve it. ES Helper is right there with you with the ES Datamodel Report. This Report shows how much data is being ingested into Enterprise Security, and furthermore, layers a priority lens over it for context.

The Priority labels are derived from Team Atlas’s investigation into how Splunk ES utilizes the data, the importance of the outcomes tied to that data, and how much bang for the data buck each data point gives Security Analysts. Using this Priority, together with the analysis of how fully populated each datamodel is, Splunk Admins can quickly identify which datamodel should be buffed up with more data to improve data coverage in Enterprise Security.

Lucky for the Admins, selecting the datamodel in Atlas ES Helper quickly identifies any recommended sourcetypes to fill out the datamodel with actionable data.

This workflow enables Admins to go from zero to hero with ES with a clear line of sight on next steps for improving their security monitoring and posture!

What’s Changed?

After updating a datamodel with a whole slew of additional data sources, an Admin may ask what impact they actually had. With ES Helper, Admins can utilize our analysis to get quick results on which dashboards and searches changed, enabling a quick validation check and a reward for hard work!

Conclusion

ES Helper speeds up the technical and slow process of improving an Enterprise Security deployment. By fast-tracking a Splunk Admin’s ability to analyze their environment, identify new data sources, and track changes, Splunk Admins can quickly improve their Security CIM coverage and track that improvement over time. This effort is accelerated further by bringing Expertise on Demand into the mix, which will further enable Admins to meet their security needs ahead of schedule!
