Splunk® Enterprise Security

Installation and Upgrade Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Acrobat logo Download topic as PDF

Incident Review dashboard

The Incident Review dashboard shows all current notable events across your deployment, populated by notable events aggregated from the other domain dashboards. By default, the search parameters are set to "All". Modify the search parameters to refine your search by status, urgency, owner, security domain, or governance. Choose a time range for your search and click Search.

Es-IR dashboard-3.0.png

Use this dashboard to identify and investigate issues, perform incident reviews, set event status, and assign events to analysts for review. From here you can drill down to other specific dashboards and domains.

To view the details of an event, select an event and click View details. Select an event and then click Edit... to change the urgency, status, or owner of an event.

Last modified on 13 November, 2013
PREVIOUS
Security Posture dashboard
  NEXT
Predictive Analytics dashboard

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters