Related Answers
Download topic as PDF
Use Dashboards to view the analytics for the Splunk Add-on for Microsoft Security
MS Security TA logs Dashboard
You can view the log analytics and performance data for the Splunk Add-on for Microsoft Security using this dashboard.
- Navigate to Add-on UI > Log Analytics > MS Security TA logs.
- Select time range from timepicker with label Time for logs on the top left corner.
- Now you can view different type of analytics and panels related to TA logs.
Panels provided in this Dashboard include:
- Microsoft Security TA
- Roles for the MS Security (Requires DEBUG logs enabled)
- CPU consumption (Supported only on specific OS)
- Memory consumption (Supported only on specific OS)
- ATP Alerts ingested
- Defender Incidents ingested
- Defender Incidents
- Defender Alerts associated with Incidents
- Events from EventHub ingested
- Advance Hunting ingested
- Phishing Simulation Attack ingested
- EPS by MS Security sourcetype (EPS stands for Events per Second)
- MS Security .conf current changes
- MS Security .conf update frequency
MS Security TA Errors Dashboard
You can view the Error analytics and performance data sourcetype wise for the Splunk Add-on for Microsoft Security using this dashboard.
- Navigate to Add-on UI > Log Analytics > MS Security TA Errors.
- Select time range from the time selector with the label Time for logs on the top left corner.
- Now you can view different types of analytics and panels related to the TA logs.
Panels provided in this Dashboard:
- ATP Alerts errors
- Defender Incidents errors
- Defender EventHub Input errors
- Advance Hunting errors
- Defender Simulations errors
Last modified on 24 April, 2024
|
PREVIOUS Configure Alert Actions to collect data for the Splunk Add-on for Microsoft Security |
NEXT Troubleshoot the Splunk Add-on for Microsoft Security |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!