Splunk® Enterprise Security

Use Splunk Enterprise Security



This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Security Posture dashboard

The Security Posture dashboard is the home screen for the Splunk App for Enterprise Security. It provides high-level insight into the notable events across all domains in your deployment and is suitable for display in a Security Operations Center (SOC). The dashboard shows all events from the past 24 hours along with their trends over the same period, and it updates automatically in real time.


Dashboard panels

The following table describes the panels for this dashboard. Drill-down is available for graphs and tables. See "dashboard drill-down" for more information.

| Panel | Description |
|---|---|
| Key Indicators | Displays the count of notable events by security domain over the past 24 hours. |
| Notable Events by Urgency | Displays the notable events by urgency for the last 24 hours. Notable Events by Urgency uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the correlation search. The drilldown redirects the page to the Incident Review dashboard showing all notable events with the selected urgency in the last 24 hours. |
| Notable Events Over Time | Gives a holistic view of notable events. Notable Events by Time: Displays a time line showing when events occurred. The drilldown redirects the page to the Incident Review dashboard showing all notable events in the selected security domain and time frame. |
| Top Notable Events | Displays the top notable events by rule name, each with a sparkline to show increases in notable event counts. |
| Top Notable Event Sources | Displays the top notable events by src, each with a sparkline to show increases in notable event counts. |

Last modified on 13 April, 2015

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2

