Splunk® Enterprise Security

Use Splunk Enterprise Security

Security Posture dashboard

The Security Posture dashboard provides high-level insight into the notable events across all domains of your deployment and is suitable for display in a Security Operations Center (SOC). It shows all events from the past 24 hours along with their trends over the same period, and provides real-time event information and updates.

Dashboard panels

| Panel | Description |
| --- | --- |
| Key Indicators | Displays the count of notable events by security domain over the past 24 hours. For more information, see Key indicators in Splunk Enterprise Security. |
| Notable Events by Urgency | Displays the notable events by urgency for the last 24 hours. The panel uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the correlation search. The drilldown opens the Incident Review dashboard showing all notable events with the selected urgency in the last 24 hours. |
| Notable Events Over Time | Displays a timeline of notable events by security domain. The drilldown opens the Incident Review dashboard showing all notable events in the selected security domain and time frame. |
| Top Notable Events | Displays the top notable events by rule name, including a total count and a sparkline to represent activity spikes over time. The drilldown opens the Incident Review dashboard scoped to the selected notable event rule. |
| Top Notable Event Sources | Displays the top 10 notable events by src, including a total count, a count per correlation and domain, and a sparkline to represent activity spikes over time. The drilldown opens the Incident Review dashboard scoped to the selected notable event source. |

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1

