Review the summary of an investigation in Splunk Enterprise Security
Every investigation in Splunk Enterprise Security includes a summary. From an investigation, click Summary to view the summary. The summary provides an overview of the notable events and the artifacts, or investigated assets and identities, that are associated with your investigation.
You can use the summary to provide an overview of an investigation to a SOC manager or to get an overview of the current state of an investigation before you continue working on it.
The summary reflects a point in time of the investigation, rather than the overall progress of an investigation. Therefore, the artifacts listed on the summary page reflect the artifacts present at the end of the investigation, rather than all artifacts that you investigated on the workbench.
Refer to your action history in Splunk Enterprise Security
Use Analytic Stories for actionable guidance in
This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0