This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
List of dashboards to app
These dashboards are included in the Splunk App for Enterprise Security. Use the Navigation editor to add or rearrange dashboards and menus.
To view entire the list of dashboards in the application, go to Search > Dashboards.
| Dashboard name | Security Domain | Part of Add-on |
|---|---|---|
| Access Center | Access | DA-ESS-AccessProtection |
| Access Search | Access | DA-ESS-AccessProtection |
| Access Tracker | Access | DA-ESS-AccessProtection |
| Account Management | Access | DA-ESS-AccessProtection |
| Asset Center | Asset | SA-IdentityManagement |
| asset_investigator | Asset | SA-ESS-IdentityManagement |
| Data Model Audit | Splunk_SA_CIM | |
| Data Protection | Access | DA-ESS-AccessProtection |
| Default Account Activity | Access | DA-ESS-AccessProtection |
| Endpoint Changes | Endpoint | DA-ESS-EndpointProtection |
| Forwarder Audit | Audit | SA-AuditAndDataProtection |
| HTTP Category Analysis | Network | DA-ESS-NetworkProtection |
| HTTP User Agent Analysis | Network | DA-ESS-NetworkProtection |
| Identity Center | Identity | SA-IdentityManagement |
| identity_investigator | SplunkEnterpriseSecuritySuite | |
| Incident Review | Threat | SA-ThreatIntelligence |
| Incident Review Audit | Threat | SA-ThreatIntelligence |
| Intrusion Center | Network | DA-ESS-NetworkProtection |
| Intrusion Search | Network | DA-ESS-NetworkProtection |
| Malware Center | Endpoint | DA-ESS-EndpointProtection |
| Malware Operations | Endpoint | DA-ESS-EndpointProtection |
| Malware Search | Endpoint | DA-ESS-EndpointProtection |
| MITRE | Threat | SA-ThreatIntelligence |
| Network Changes | Network | DA-ESS-NetworkProtection |
| New Domain Analysis | Network | DA-ESS-NetworkProtection |
| Notable Event Geography | SplunkEnterpriseSecuritySuite | |
| Per-Panel Filter Audit | Utilities | SA-Utils |
| Port & Protocol Tracker | Network | DA-ESS-NetworkProtection |
| Predictive Analytics | Splunk_SA_CIM | |
| Project HoneyPot | Threat | SA-ThreatIntelligence |
| REST Audit | Utilities | SA-Utils |
| Search Audit | Audit | SA-AuditAndDataProtection |
| Security Posture | SplunkEnterpriseSecuritySuite | |
| Session Center | Identity | SA-IdentityManagement |
| Splunk Add-on for Windows: Setup | Splunk_TA_windows | |
| Splunk for Unix Add-on: Setup | Splunk_TA_nix | |
| Suppression Audit | Threat | SA-ThreatIntelligence |
| System Center | Endpoint | DA-ESS-EndpointProtection |
| Threat List Activity | Threat | SA-ThreatIntelligence |
| Time Center | Endpoint | DA-ESS-EndpointProtection |
| Traffic Center | Network | DA-ESS-NetworkProtection |
| Traffic Search | Network | DA-ESS-NetworkProtection |
| Traffic Size Analysis | Network | DA-ESS-NetworkProtection |
| Update Center | Endpoint | DA-ESS-EndpointProtection |
| Update Search | Endpoint | DA-ESS-EndpointProtection |
| URL Length Analysis | Network | DA-ESS-NetworkProtection |
| US-CERT | Threat | SA-ThreatIntelligence |
| View Audit | SplunkEnterpriseSecuritySuite | |
| Virus Bulletin | Threat | SA-ThreatIntelligence |
| Vulnerability Center | Network | DA-ESS-NetworkProtection |
| Vulnerability Operations | Network | DA-ESS-NetworkProtection |
| Vulnerability Search | Network | DA-ESS-NetworkProtection |
| Web Center | Network | DA-ESS-NetworkProtection |
| Web Search | Network | DA-ESS-NetworkProtection |
| Wildlist | Threat | SA-ThreatIntelligence |
Splunk App for Enterprise Security file structure
The Splunk App for Enterprise Security is composed of a series of underlying apps, each of which is implemented as a subdirectory of the $SPLUNK_HOME/etc/apps/ (*Nix) or $SPLUNK_HOME\etc\apps (Windows) directory in Splunk.
The following table shows the location of the Enterprise Security files within the Splunk directory structure.
| Path under $SPLUNK_HOME | Description |
|---|---|
| etc/apps/SplunkEnterpriseSecuritySuite etc\apps\SplunkEnterpriseSecuritySuite |
Contains the core components of the Spunk App for Enterprise Security |
| etc/apps/DA-* etc\apps\DA-* |
Each DA directory provides the underlying functionality for one of the domains in Splunk for Enterprise Security, including the saved searches, macros, and lookups. For example, the "DA-EndpointProtection" directory contains the functionality for the Endpoint protection domain. |
| etc/apps/SA- etc\apps\SA-* |
Each SA directory provides the underlying support modules for a specific area of knowledge used by the domains in Splunk for Enterprise Security. |
| etc/apps/TA-* etc\apps\TA-* |
Each TA directory contains the files for a specific technology supported by Splunk for Enterprise Security. These files include the content necessary to optimize, normalize, and categorize data inputs. |
Last modified on 18 November, 2014
| FAQ | Data models in the Enterprise Security app |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1
Download manual
Feedback submitted, thanks!