Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Entity Investigator dashboards

The Entity Investigator dashboards show types of notable events displayed by swim lanes over time, with heat maps to indicate the number for each type of notable event.

ES-Entity Investigator mockup.png

  • swim lanes
  • time picker
  • heat map

Use the section below the main panel to select a type of notable event and zoom in on the details, changing the time span and granularity.

Asset Investigator

The Asset Investigator dashboard shows information about a particular asset in several different areas. The information panel describes the asset that is displayed.

ES-Asset Investigator.png

Click "Today" to select a different time span or drag the edges of the time bar to change the time range for the view.

The following table describes the swimlanes for this dashboard.

Swimlane Description
All Authentication
All Changes
Threat List Activity
IDS Attacks
Malware Attacks
Notable Events

Identity Investigator

The Identity Investigator dashboard shows information about a particular identity in several different areas. The information panel provides information about the identity that is displayed.

ES3 ident invest.png

Click "Today" to select a different time span or drag the edges of the time bar to change the time range for the view.

The following table describes the swimlanes for this dashboard.

Swimlane Description
All Authentication
All Changes
Threat List Activity
IDS Attacks
Malware Attacks
Notable Events

Edit the swim lanes

You can modify the swim lanes displayed in the Identity Investigator dashboard. Click Edit at the top of the dashboard. The swim lane editor can be used to change the group of swim lanes (default or custom), the order of the lanes, or the color used to represent events for that lane.

Es-identity investigator edit lanes.png

  • Choose default or custom collection of lanes
  • Choose order of lanes
  • Choose color to represent events for that lane
Last modified on 15 December, 2014
Predictive Analytics dashboard   Risk Analysis

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters