Splunk® Enterprise Security

Use Splunk Enterprise Security

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Review the summary of an investigation in Splunk Enterprise Security

Every investigation in Splunk Enterprise Security includes a summary. From an investigation, click Summary to view the summary. The summary provides an overview of the notable events and the artifacts, or investigated assets and identities, that are associated with your investigation.

You can use the summary to provide an overview of an investigation to a SOC manager or to get an overview of the current state of an investigation before you continue working on it.

The summary reflects a point in time of the investigation, rather than the overall progress of an investigation. Therefore, the artifacts listed on the summary page reflect the artifacts present at the end of the investigation, rather than all artifacts that you investigated on the workbench.

Last modified on 21 January, 2020
PREVIOUS
Refer to your action history in Splunk Enterprise Security
  NEXT
Use Analytic Stories for actionable guidance in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters