Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

The Cyber Kill Chain dashboard

The Cyber Kill Chain dashboard includes a custom visualization that shows what content is tied to each part of the Cyber Kill Chain. The dashboard takes into account the data and active content in your environment to help you choose new Cyber Kill Chain content. Each number in this dashboard represents a piece of content. Content labelled Active is enabled in your environment, content labelled Available can be enabled with data already in Splunk, and content labelled Needs data is missing the data in Splunk needed to support it.

Before you use the Cyber Kill Chain dashboard, configure the Data Inventory dashboard and Content Introspection. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Introspection.

Available Content

In the Kill Chain View, the Cyber Kill Chain tab shows the coverage in your environment against the Kill Chain steps. You can adjust what numbers are displayed in the Cyber Kill Chain visualization to show Active or Available content.

The Chart View shows at a high level how your environment stacks up against the available content and the Cyber Kill Chain. You can switch between the tabs to change the visualization.

Selected Content

The Selected Content panel contains further filters that allow you to drill into individual pieces of content.

View Content

The View Content panel allows you to go directly to the full details of the selection on the Security Essentials general content page.

Last modified on 05 January, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0

