Security Posture dashboard
The Security Posture dashboard is designed to provide high-level insight into the notable events across all domains of your deployment, suitable for display in a Security Operations Center (SOC). This dashboard shows all events from the past 24 hours, along with the trends over the past 24 hours, and provides real-time event information and updates.
|Key Indicators||Displays the count of notable events by security domain over the past 24 hours. For more information, see Key indicators in Splunk Enterprise Security.|
|Notable Events by Urgency|| Displays the notable events by Urgency for the last 24 hours.|
Notable Events by Urgency uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the correlation search. The drilldown opens the Incident Review dashboard showing all notable events with the selected urgency in the last 24 hours.
|Notable Events Over Time||Displays a timeline of notable events by security domain. The drilldown opens the Incident Review dashboard showing all notable events in the selected security domain and time frame.|
|Top Notable Events||Displays the top notable events by rule name, including a total count and a sparkline to represent activity spikes over time. The drilldown opens the Incident Review dashboard scoped to the selected notable event rule.|
|Top Notable Event Sources|| Displays the top 10 notable event by |
Key indicators in Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1