Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

List of dashboards in the app

These dashboards are included in the Splunk App for Enterprise Security. Use the Navigation editor to add or rearrange dashboards and menus.

To view the entire list of dashboards in the application, go to Search > Dashboards.

| Dashboard name | Security Domain | Part of Add-on |
|---|---|---|
| Access Center | Access | DA-ESS-AccessProtection |
| Access Search | Access | DA-ESS-AccessProtection |
| Access Tracker | Access | DA-ESS-AccessProtection |
| Account Management | Access | DA-ESS-AccessProtection |
| Asset Center | Asset | SA-IdentityManagement |
| asset_investigator | Asset | SA-ESS-IdentityManagement |
| Data Model Audit | | Splunk_SA_CIM |
| Data Protection | Access | DA-ESS-AccessProtection |
| Default Account Activity | Access | DA-ESS-AccessProtection |
| Endpoint Changes | Endpoint | DA-ESS-EndpointProtection |
| Forwarder Audit | Audit | SA-AuditAndDataProtection |
| HTTP Category Analysis | Network | DA-ESS-NetworkProtection |
| HTTP User Agent Analysis | Network | DA-ESS-NetworkProtection |
| Identity Center | Identity | SA-IdentityManagement |
| identity_investigator | | SplunkEnterpriseSecuritySuite |
| Incident Review | Threat | SA-ThreatIntelligence |
| Incident Review Audit | Threat | SA-ThreatIntelligence |
| Intrusion Center | Network | DA-ESS-NetworkProtection |
| Intrusion Search | Network | DA-ESS-NetworkProtection |
| Malware Center | Endpoint | DA-ESS-EndpointProtection |
| Malware Operations | Endpoint | DA-ESS-EndpointProtection |
| Malware Search | Endpoint | DA-ESS-EndpointProtection |
| MITRE | Threat | SA-ThreatIntelligence |
| Network Changes | Network | DA-ESS-NetworkProtection |
| New Domain Analysis | Network | DA-ESS-NetworkProtection |
| Notable Event Geography | | SplunkEnterpriseSecuritySuite |
| Per-Panel Filter Audit | Utilities | SA-Utils |
| Port & Protocol Tracker | Network | DA-ESS-NetworkProtection |
| Predictive Analytics | | Splunk_SA_CIM |
| Project HoneyPot | Threat | SA-ThreatIntelligence |
| REST Audit | Utilities | SA-Utils |
| Search Audit | Audit | SA-AuditAndDataProtection |
| Security Posture | | SplunkEnterpriseSecuritySuite |
| Session Center | Identity | SA-IdentityManagement |
| Splunk Add-on for Windows: Setup | | Splunk_TA_windows |
| Splunk for Unix Add-on: Setup | | Splunk_TA_nix |
| Suppression Audit | Threat | SA-ThreatIntelligence |
| System Center | Endpoint | DA-ESS-EndpointProtection |
| Threat List Activity | Threat | SA-ThreatIntelligence |
| Time Center | Endpoint | DA-ESS-EndpointProtection |
| Traffic Center | Network | DA-ESS-NetworkProtection |
| Traffic Search | Network | DA-ESS-NetworkProtection |
| Traffic Size Analysis | Network | DA-ESS-NetworkProtection |
| Update Center | Endpoint | DA-ESS-EndpointProtection |
| Update Search | Endpoint | DA-ESS-EndpointProtection |
| URL Length Analysis | Network | DA-ESS-NetworkProtection |
| US-CERT | Threat | SA-ThreatIntelligence |
| View Audit | | SplunkEnterpriseSecuritySuite |
| Virus Bulletin | Threat | SA-ThreatIntelligence |
| Vulnerability Center | Network | DA-ESS-NetworkProtection |
| Vulnerability Operations | Network | DA-ESS-NetworkProtection |
| Vulnerability Search | Network | DA-ESS-NetworkProtection |
| Web Center | Network | DA-ESS-NetworkProtection |
| Web Search | Network | DA-ESS-NetworkProtection |
| Wildlist | Threat | SA-ThreatIntelligence |

Splunk App for Enterprise Security file structure

The Splunk App for Enterprise Security is composed of a series of underlying apps, each of which is implemented as a subdirectory of the $SPLUNK_HOME/etc/apps/ (*Nix) or $SPLUNK_HOME\etc\apps (Windows) directory in Splunk.

The following table shows the location of the Enterprise Security files within the Splunk directory structure.

| Path under $SPLUNK_HOME | Description |
|---|---|
| etc/apps/SplunkEnterpriseSecuritySuite (*Nix) or etc\apps\SplunkEnterpriseSecuritySuite (Windows) | Contains the core components of the Splunk App for Enterprise Security. |
| etc/apps/DA-* (*Nix) or etc\apps\DA-* (Windows) | Each DA directory provides the underlying functionality for one of the domains in Splunk for Enterprise Security, including the saved searches, macros, and lookups. For example, the "DA-EndpointProtection" directory contains the functionality for the Endpoint protection domain. |
| etc/apps/SA-* (*Nix) or etc\apps\SA-* (Windows) | Each SA directory provides the underlying support modules for a specific area of knowledge used by the domains in Splunk for Enterprise Security. |
| etc/apps/TA-* (*Nix) or etc\apps\TA-* (Windows) | Each TA directory contains the files for a specific technology supported by Splunk for Enterprise Security. These files include the content necessary to optimize, normalize, and categorize data inputs. |

Last modified on 18 November, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1

