Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Incident Review dashboard

The Incident Review dashboard shows all current notable events across your deployment, aggregated from the other domain dashboards. By default, the search parameters are set to "All". To refine your search, modify the search parameters to filter by status, urgency, owner, security domain, or governance. Choose a time range for your search and click Search.


Use this dashboard to identify and investigate issues, perform incident reviews, set event status, and assign events to analysts for review. From here you can drill down to other specific dashboards and domains.

To view the details of an event, select the event and click View details. To change the urgency, status, or owner of an event, select the event and click Edit...

Last modified on 16 December, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2

