List of reports by security domain
Use these reports to create panels for your custom dashboards in the Splunk App for Enterprise Security. The add-ons, domain add-ons, and supporting add-ons can be found in $SPLUNK_HOME/etc/apps.
Access Reports
These reports are part of the DA-ESS-AccessProtection domain add-on.
Report | Security Domain |
---|---|
Access - Access Over Time | Access |
Access - Access Over Time by Action | Access |
Access - Access Over Time by App | Access |
Access - Account Usage For Expired Identities | Access |
Access - Default Account Usage Over Time | Access |
Access - Default Account Usage Over Time By App | Access |
Access - Default Accounts in Use | Access |
Access - Default Local Accounts | Access |
Access - Distinct Apps | Access |
Access - Distinct Destinations | Access |
Access - Distinct Sources | Access |
Access - Distinct Users | Access |
Access - First Time Account Access | Access |
Access - First Time Account Access Over Time | Access |
Access - Inactive Account Usage | Access |
Access - Inactive Accounts | Access |
Access - Notable Access Events | Access |
Access - Privileged Account Usage Over Time | Access |
Access - Privileged Accounts in Use | Access |
Access - Top Access By Destination | Access |
Access - Top Access By Source | Access |
Access - Total Access Attempts | Access |
Access - Unique Access By App Count | Access |
Access - Unique Access By Destination Count | Access |
Access - Unique Access By User Count | Access |
Application State Reports
These reports are part of the DA-ESS-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
App State - Ports by System Count | App State |
App State - Processes by System Count | App State |
App State - Services by System Count | App State |
App State - Systems by Port Count | App State |
App State - Systems by Process Count | App State |
App State - Systems by Service Count | App State |
Asset Reports
These reports are part of the SA-IdentityManagement supporting add-on.
Report | Security Domain |
---|---|
Assets - Asset Information | Assets |
Assets - Assets by Business Unit | Assets |
Assets - Assets by Category | Assets |
Assets - Assets by Priority | Assets |
Audit Reports
These reports are part of the SA-AuditAndDataProtection supporting add-on.
Report | Security Domain |
---|---|
Audit - ES View Activity Over Time | Audit |
Audit - Event Count Over Time By Top 10 Hosts | Audit |
Audit - Expected ES View Activity | Audit |
Audit - Hosts By Last Report Time | Audit |
Audit - Searches Over Time by Type | Audit |
Audit - Searches Over Time by User | Audit |
Audit - Splunk Service Start Mode Anomalies | Audit |
Audit - Splunkd Process Utilization | Audit |
Audit - Top Searches by Run Time | Audit |
Audit - Web Service Errors | Audit |
CIM Reports
These reports are part of the SA_CommonInformationModel supporting add-on.
Report | Security Domain |
---|---|
CIM - Data Model Acceleration Details | CIM |
CIM - Top Data Model Accelerations By Run Duration | CIM |
CIM - Top Data Model Accelerations By Size | CIM |
Change Reports
These reports are part of the DA-ESS-AccessProtection and DA-ESS-NetworkProtection domain add-ons.
Report | Security Domain |
---|---|
Change - Account Lockouts | Change |
Change - Account Management by Source User | Change |
Change - Account Management Over Time By Action | Change |
Change - Endpoint Changes By Action | Change |
Change - Endpoint Changes By System | Change |
Change - Endpoint Changes By Type | Change |
Change - Network Changes By Action | Change |
Change - Network Changes By Device | Change |
Change - Recent Account Management | Change |
Change - Recent Endpoint Changes | Change |
Change - Recent Network Changes | Change |
Change - Top Account Management Events | Change |
Endpoint Reports
These reports are part of the DA-ESS-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
Endpoint - Application Errors | Endpoint |
Endpoint - SELinux Configurations By System | Endpoint |
Endpoint - SSHD Configurations By System | Endpoint |
IDS (Intrusion Detection Scan) Reports
These reports are part of the DA-ESS-NetworkProtection domain add-on.
Report | Security Domain |
---|---|
IDS - Activity By Category | IDS |
IDS - Activity By IDS Type | IDS |
IDS - Activity By Severity | IDS |
IDS - Activity Over Time | IDS |
IDS - Activity Over Time By Attack | IDS |
IDS - Activity Over Time By Category | IDS |
IDS - Activity Over Time By Destination | IDS |
IDS - Activity Over Time By Device | IDS |
IDS - Activity Over Time By Severity | IDS |
IDS - Activity Over Time By Source | IDS |
IDS - High Severity Attacks | IDS |
IDS - New Attacks | IDS |
IDS - Scanning Activity (Many Attacks) | IDS |
IDS - Scanning Activity (Many Systems) | IDS |
IDS - Top Attacks By Attack | IDS |
IDS - Top Attacks By Category | IDS |
IDS - Top Attacks By Destination | IDS |
IDS - Top Attacks By Device | IDS |
IDS - Top Attacks By Severity | IDS |
IDS - Top Attacks By Source | IDS |
IDS - Unique Categories | IDS |
IDS - Unique Destinations | IDS |
IDS - Unique Signature Count | IDS |
IDS - Unique Sources | IDS |
Identities Reports
These reports are part of the SA-IdentityManagement supporting add-on.
Report | Security Domain |
---|---|
Identities - Identities by Business Unit | Identities |
Identities - Identities by Category | Identities |
Identities - Identities by Priority | Identities |
Identities - Identity Information | Identities |
Incident Review Reports
These reports are part of the SA-ThreatIntelligence supporting add-on.
Report | Security Domain |
---|---|
Incident Review - Activity by Reviewer Over Time | Incident Review |
Incident Review - Notable Events by Status | Incident Review |
Incident Review - Recent Review by Activity | Incident Review |
Incident Review - Top Reviewers | Incident Review |
Inventory Reports
These reports are part of the DA-ESS-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
Inventory - Operating Systems By System Count | Inventory |
Inventory - System By User Count | Inventory |
Inventory - Users By System Count | Inventory |
Malware Reports
These reports are part of the DA-ESS-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
Malware - Activity Over Time | Malware |
Malware - Activity Over Time By Action | Malware |
Malware - Activity Over Time By Infection | Malware |
Malware - Average Infection Length | Malware |
Malware - Average Infection Length Over Time | Malware |
Malware - Clients By Product Version | Malware |
Malware - Clients By Signature Version | Malware |
Malware - Clients Not Updating Signatures | Malware |
Malware - Infected System Count | Malware |
Malware - Multiple Infections | Malware |
Malware - New Infections | Malware |
Malware - New Malware | Malware |
Malware - Old Malware Infections | Malware |
Malware - Oldest Infection | Malware |
Malware - Oldest Infections | Malware |
Malware - Percent Of Systems Infected | Malware |
Malware - Repeat Infections | Malware |
Malware - Systems With Anti-Malware | Malware |
Malware - Top 10 Infected Domains | Malware |
Malware - Top 10 Infected Systems | Malware |
Malware - Top 10 Infections | Malware |
Malware - Top Infected Domain | Malware |
Malware - Top Infected System | Malware |
Malware - Top Infection | Malware |
Malware - Total Infection Count | Malware |
Malware - Unique Infected Systems | Malware |
Malware - Unique Infections | Malware |
Malware - Unique Malware Count | Malware |
Notable Events Reports
These reports are part of the SplunkEnterpriseSecuritySuite add-on.
Report | Security Domain |
---|---|
Notable - Events By Urgency | Notable |
Notable - Events Over Time | Notable |
Notable - Events Over Time By Security Domain | Notable |
Notable - Top Events | Notable |
Notable - Top Notable Event Destinations | Notable |
Notable - Top Notable Event Sources | Notable |
Notable - Total Events By Access Domain | Notable |
Notable - Total Events By Audit Domain | Notable |
Notable - Total Events By Endpoint Domain | Notable |
Notable - Total Events By Identity Domain | Notable |
Notable - Total Events By Network Domain | Notable |
Notable - Total Events By Threat Domain | Notable |
Per-Panel Filtering Reports
These reports are part of the SA-Utils supporting add-on.
Report | Security Domain |
---|---|
Per-Panel Filtering - Activity By User Over Time | Per-Panel Filtering |
Per-Panel Filtering - Recent Activity | Per-Panel Filtering |
Per-Panel Filtering - Top Users | Per-Panel Filtering |
Performance Reports
These reports are part of the DA-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
Performance - Average System Uptime | Performance |
Performance - Indexing Time Delay By Host | Performance |
Performance - Indexing Time Delay By Sourcetype | Performance |
Performance - Maximum System Uptime | Performance |
Performance - Memory Utilization By System | Performance |
Performance - Minimum System Uptime | Performance |
Performance - Number Of Systems Not Reporting | Performance |
Performance - Number Of Systems Not Time Synchronizing | Performance |
Performance - Number Of Systems With Update Anomalies | Performance |
Performance - Storage Utilization By System | Performance |
Performance - Systems Not Time Synching | Performance |
Performance - Time Service Start Mode Anomalies | Performance |
Performance - Time Synchronization Failures | Performance |
Performance - Top-Average CPU Load Over Time By System | Performance |
Performance - Uptime By System | Performance |
Sessions Reports
These reports are part of the SA-IdentityManagement supporting add-on.
Report | Security Domain |
---|---|
Sessions - Network Session Details | Sessions |
Sessions - Network Sessions Over Time | Sessions |
Suppression Reports
These reports are part of the SA-ThreatIntelligence supporting add-on.
Report | Security Domain |
---|---|
Suppressions - Currently Suppressed Events Over Time | Suppressions |
Suppressions - Expired Suppressions | Suppressions |
Suppressions - Suppression History Over Time | Suppressions |
Suppressions - Suppression Management Activity | Suppressions |
Traffic Reports
These reports are part of the DA-ESS-NetworkProtection domain add-on.
Report | Security Domain |
---|---|
Traffic - Maximum Bytes | Traffic |
Traffic - Mean Bytes | Traffic |
Traffic - Minimum Bytes | Traffic |
Traffic - New Port Activity | Traffic |
Traffic - Prohibited Or Insecure Traffic Over Time | Traffic |
Traffic - Prohibited Traffic Details | Traffic |
Traffic - Scan Activity By Destination Ports | Traffic |
Traffic - Scan Activity By Destinations | Traffic |
Traffic - Standard Deviation Bytes | Traffic |
Traffic - Threat List Communication | Traffic |
Traffic - Top Traffic By Destination | Traffic |
Traffic - Top Traffic By Destination Port | Traffic |
Traffic - Top Traffic By Device | Traffic |
Traffic - Top Traffic By Source | Traffic |
Traffic - Top Traffic By Source Port | Traffic |
Traffic - Top Traffic By Transport | Traffic |
Traffic - Total Count | Traffic |
Traffic - Traffic Over Time | Traffic |
Traffic - Traffic Over Time By Action | Traffic |
Traffic - Traffic Over Time By Bytes | Traffic |
Traffic - Traffic Over Time By Destination | Traffic |
Traffic - Traffic Over Time By Destination Port | Traffic |
Traffic - Traffic Over Time By Device | Traffic |
Traffic - Traffic Over Time By Source | Traffic |
Traffic - Traffic Over Time By Source Port | Traffic |
Traffic - Traffic Over Time By Transport Protocol | Traffic |
Traffic - Traffic Size Anomalies | Traffic |
Traffic - Traffic Size Anomalies Over Time | Traffic |
Traffic - Unique Destinations | Traffic |
Traffic - Unique Sources | Traffic |
Updates Reports
These reports are part of the DA-ESS-EndpointProtection domain add-on.
Report | Security Domain |
---|---|
Updates - Available Updates | Updates |
Updates - Available Updates by System | Updates |
Updates - Installed Updates | Updates |
Updates - Number of Systems Not Updating | Updates |
Updates - Number of Systems With Start Mode Anomalies | Updates |
Updates - Systems by Last Update Time | Updates |
Updates - Top Systems Needing Updates | Updates |
Updates - Top Updates Needed | Updates |
Updates - Update Errors | Updates |
Updates - Update Service Start Mode Anomalies | Updates |
Updates - Updates by Status | Updates |
Utilities Reports
These reports are part of the SA-Utils supporting add-on.
Report | Security Domain |
---|---|
Utils - Top REST Actions | Utils |
Utils - Top REST Actions By Sourcetype | Utils |
Utils - Top REST Actions By Duration | Utils |
Vulnerability Reports
These reports are part of the DA-ESS-NetworkProtection domain add-on.
Report | Security Domain |
---|---|
Vuln - Average Vulnerability Age | Vuln |
Vuln - Average Vulns Per System | Vuln |
Vuln - Delinquent Scanning | Vuln |
Vuln - Most Vulnerable Hosts | Vuln |
Vuln - New Vulnerabilities | Vuln |
Vuln - Percentage Of Vulnerable Systems | Vuln |
Vuln - Scan Activity Over Time | Vuln |
Vuln - Top Vulnerabilities | Vuln |
Vuln - Total Vulnerabilities | Vuln |
Vuln - Vulnerabilities By Age | Vuln |
Vuln - Vulnerabilities By Category | Vuln |
Vuln - Vulnerabilities By Severity | Vuln |
Vuln - Vulnerable System Count | Vuln |
Web Reports
These reports are part of the DA-ESS-NetworkProtection domain add-on.
Report | Security Domain |
---|---|
Web - Destination Count | Web |
Web - Events Over Time By Action | Web |
Web - Events Over Time By Content Type | Web |
Web - Events Over Time By Method | Web |
Web - Events Over Time By Status | Web |
Web - Events Over Time By User Agent | Web |
Web - HTTP Category Count | Web |
Web - HTTP Category Details | Web |
Web - HTTP Category Distribution | Web |
Web - HTTP Category Maximum Count | Web |
Web - HTTP Category Mean Count | Web |
Web - HTTP Category Minimum Count | Web |
Web - HTTP Category Standard Deviation Count | Web |
Web - Source Count | Web |
Web - Top Destinations | Web |
Web - Top Sources | Web |
Web - Total Events By Action | Web |
Web - Total Events By Content Type | Web |
Web - Total Events By Method | Web |
Web - Total Events By Status | Web |
Web - Total Events By User Agent | Web |
Web - URL Count | Web |
Web - URL Length Anomalies | Web |
Web - URL Length Anomalies Over Time | Web |
Web - URL Length Over Time | Web |
Web - URL Length Standard Deviation | Web |
Web - URL Maximum Length | Web |
Web - URL Mean Length | Web |
Web - URL Minimum Length | Web |
Web - User Agent Count | Web |
Web - User Agent Details | Web |
Web - User Agent Distribution | Web |
Web - User Agent Length Standard Deviation | Web |
Web - User Agent Maximum Length | Web |
Web - User Agent Mean Length | Web |
Web - User Agent Minimum Length | Web |
Whois Reports
These reports are part of the DA-ESS-NetworkProtection domain add-on.
Report | Security Domain |
---|---|
Whois - New Domain Activity | Whois |
Whois - New Domain Activity By Age | Whois |
Whois - New Domain Activity By TLD | Whois |
Whois - Registration Details | Whois |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3