Splunk® Enterprise Security

Use Splunk Enterprise Security

Review the summary of an investigation in Splunk Enterprise Security

Every investigation in Splunk Enterprise Security includes a summary. From an investigation, click Summary to view the summary. The summary provides an overview of the notable events and the artifacts, or investigated assets and identities, that are associated with your investigation.

You can use the summary to provide an overview of an investigation to a SOC manager or to get an overview of the current state of an investigation before you continue working on it.

The summary reflects a point in time of the investigation, rather than the overall progress of an investigation. Therefore, the artifacts listed on the summary page reflect the artifacts present at the end of the investigation, rather than all artifacts that you investigated on the workbench.

Last modified on 19 January, 2022
Refer to your action history in Splunk Enterprise Security   Use Analytic Stories for actionable guidance in

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters