The following are the six steps to use Splunk for security:
Collection: Collect the basic security logs and machine data.
Normalization: Apply a standard security taxonomy. Add asset and identity data.
Expansion: Collect additional high-fidelity data sources to drive advanced detection of an attack.
Enrichment: Augment security data with intelligence sources for an in-depth understanding of the context and impact of the event.
Automation and Orchestration: Establish a consistent and repeatable security operation capacity.
Advanced Detection: Apply sophisticated detection mechanisms.