diff --git a/custom-words.txt b/custom-words.txt index ff37ef57..ee7d4183 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -28,6 +28,7 @@ keypair keyserver Kubebuilder LDIF +libmagic LLDB Mailcatcher minio diff --git a/docs/getting-started/business/_category_.yml b/docs/getting-started/business/_category_.yml new file mode 100644 index 00000000..9d85a1ca --- /dev/null +++ b/docs/getting-started/business/_category_.yml @@ -0,0 +1,2 @@ +label: "Business apps" +position: 6 diff --git a/docs/getting-started/enterprise/directory-connector/directory-100.ldif b/docs/getting-started/business/directory-connector/directory-100.ldif similarity index 100% rename from docs/getting-started/enterprise/directory-connector/directory-100.ldif rename to docs/getting-started/business/directory-connector/directory-100.ldif diff --git a/docs/getting-started/enterprise/directory-connector/directory-20.ldif b/docs/getting-started/business/directory-connector/directory-20.ldif similarity index 100% rename from docs/getting-started/enterprise/directory-connector/directory-20.ldif rename to docs/getting-started/business/directory-connector/directory-20.ldif diff --git a/docs/getting-started/enterprise/directory-connector/directory-250.ldif b/docs/getting-started/business/directory-connector/directory-250.ldif similarity index 100% rename from docs/getting-started/enterprise/directory-connector/directory-250.ldif rename to docs/getting-started/business/directory-connector/directory-250.ldif diff --git a/docs/getting-started/enterprise/directory-connector/directory-50.ldif b/docs/getting-started/business/directory-connector/directory-50.ldif similarity index 100% rename from docs/getting-started/enterprise/directory-connector/directory-50.ldif rename to docs/getting-started/business/directory-connector/directory-50.ldif 
diff --git a/docs/getting-started/enterprise/directory-connector/directory-500.ldif b/docs/getting-started/business/directory-connector/directory-500.ldif similarity index 100% rename from docs/getting-started/enterprise/directory-connector/directory-500.ldif rename to docs/getting-started/business/directory-connector/directory-500.ldif diff --git a/docs/getting-started/enterprise/directory-connector/index.mdx b/docs/getting-started/business/directory-connector/index.mdx similarity index 100% rename from docs/getting-started/enterprise/directory-connector/index.mdx rename to docs/getting-started/business/directory-connector/index.mdx diff --git a/docs/getting-started/enterprise/directory-connector/jumpcloud.md b/docs/getting-started/business/directory-connector/jumpcloud.md similarity index 100% rename from docs/getting-started/enterprise/directory-connector/jumpcloud.md rename to docs/getting-started/business/directory-connector/jumpcloud.md diff --git a/docs/getting-started/enterprise/directory-connector/mail-hosts.txt b/docs/getting-started/business/directory-connector/mail-hosts.txt similarity index 100% rename from docs/getting-started/enterprise/directory-connector/mail-hosts.txt rename to docs/getting-started/business/directory-connector/mail-hosts.txt diff --git a/docs/getting-started/enterprise/directory-connector/open-ldap.md b/docs/getting-started/business/directory-connector/open-ldap.md similarity index 100% rename from docs/getting-started/enterprise/directory-connector/open-ldap.md rename to docs/getting-started/business/directory-connector/open-ldap.md diff --git a/docs/getting-started/enterprise/key-connector.mdx b/docs/getting-started/business/key-connector.mdx similarity index 100% rename from docs/getting-started/enterprise/key-connector.mdx rename to docs/getting-started/business/key-connector.mdx diff --git a/docs/getting-started/business/splunk-app.md b/docs/getting-started/business/splunk-app.md new file mode 100644 index 00000000..3f5d4225 
--- /dev/null +++ b/docs/getting-started/business/splunk-app.md 
@@ -0,0 +1,105 @@ +# Splunk app + +The Bitwarden Splunk app fetches event log data from the Bitwarden Public API and makes it available +in Splunk. + +## Requirements + +- Docker. If you're using an Apple Silicon Mac, enable _Docker Desktop_ -> _Settings_ -> _General_ + -> _Use Rosetta for x86_64/amd64 emulation on Apple Silicon_ +- Python 3.7 - 3.10 +- [Poetry][poetry] +- libmagic (macOS only), available via homebrew: `brew install libmagic` +- A Bitwarden Teams or Enterprise organization +- If using a local development server - make sure the Events and EventsProcessor projects are + running and [Event Logging](../server/events.md) is working + +## Set up and configuration + +### Configure your environment + +1. Clone the Github repository: + + ``` + git clone https://github.com/bitwarden/splunk.git + ``` + +2. Navigate to the root of the repository: + + ``` + cd splunk + ``` + +3. Tell poetry to use the required Python version: + + ``` + poetry env use + ``` + + Where `` is the executable for Python. If this is in your PATH variable then you do + not need to specify the full path. e.g. `poetry env use python3.8` + +4. Activate the poetry shell: + + ``` + poetry shell + ``` + +5. Install dependencies: + + ``` + poetry install --with dev + ``` + +### Set up Splunk Enterprise + +1. Run Splunk Enterprise: + + ``` + docker run --rm --platform linux/amd64 --name splunk -d -p 8001:8000 -p 8089:8089 -e SPLUNK_START_ARGS='--accept-license' -e SPLUNK_PASSWORD='password' splunk/splunk:latest + ``` + + Please note this will set the admin password to `password`. This is for development purposes + only. + +2. Confirm that Splunk is running by navigating to http://localhost:8001 + +### Deploy the app + +1. Package the app: + + ``` + ./package.sh + ``` + + This will produce a packaged Splunk app in `output/bitwarden_event_logs.tar.gz` + +2. 
Deploy the app to Splunk: + + ``` + ./deploy.sh + ``` + + This will restart Splunk and it may take a few seconds to become available again after the script + is finished + +3. (optional) Check the logs for errors or for debugging purposes later: + ``` + docker exec -u splunk -it splunk tail -f /opt/splunk/var/log/splunk/bitwarden_event_logs_beta.log + ``` + +### Configure the app in Splunk + +1. Navigate to the Splunk web app: http://localhost:8001 + +2. Log in with the username `admin` and the password `password` + +3. Click on the _Apps_ -> _Bitwarden Event Logs_ + +4. Complete the setup. Refer to the [Bitwarden Help Center][Bitwarden Splunk SIEM] for more + information about configuration + +You should now see your organization events in _Apps_ -> _Bitwarden Event Logs_ -> _Dashboards_. + +[Bitwarden Splunk SIEM]: https://bitwarden.com/help/splunk-siem/ +[poetry]: https://python-poetry.org/docs/#installation diff --git a/docs/getting-started/enterprise/_category_.yml b/docs/getting-started/enterprise/_category_.yml deleted file mode 100644 index 8e77e7bd..00000000 --- a/docs/getting-started/enterprise/_category_.yml +++ /dev/null @@ -1,2 +0,0 @@ -label: "Enterprise" -position: 6
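Review bot: in the `docker run` line under "Set up Splunk Enterprise", the container is started with a fixed admin password (`-e SPLUNK_PASSWORD='password'`) while both the web UI port and the management/REST port are published on all interfaces (`-p 8001:8000 -p 8089:8089`). The text already says this is for development only, so bind the published ports to loopback so the instance is not reachable from the local network, e.g. `-p 127.0.0.1:8001:8000 -p 127.0.0.1:8089:8089`; the later `http://localhost:8001` references keep working unchanged. Smaller points in the same file: the placeholder in step 3 of "Configure your environment" renders as empty backticks (`poetry env use ` and "Where `` is the executable"), so check that the placeholder text survives MDX rendering, where an angle-bracket token can be parsed as JSX; the log path in the optional step of "Deploy the app" (`bitwarden_event_logs_beta.log`) carries a `_beta` suffix while the package is `bitwarden_event_logs.tar.gz`, so confirm that file name is current; "Github" should be "GitHub"; and the fence in that optional step lacks the blank line that precedes fences elsewhere in the file.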