Security posture dashboard
The Security posture dashboard provides high-level insight into the findings across all domains of your deployment and is suitable for display in a security operations center (SOC). The dashboard shows all events from the past 24 hours along with their trends over the same period, and provides real-time event information and updates.
Dashboard panels
Panel | Description |
---|---|
Key indicators | Displays the count of findings by security domain over the past 24 hours. |
Findings by urgency | Displays the findings by urgency in the last 24 hours. Findings by urgency uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the detection. The drilldown opens the analyst queue on the Mission Control page, showing all findings with the selected urgency in the last 24 hours. |
Findings over time | Displays a timeline of findings by security domain. The drilldown opens the analyst queue on the Mission Control page, showing all findings in the selected security domain and time frame. |
Top findings | Displays the top findings by rule name, including a total count and a sparkline to represent activity spikes over time. The drilldown opens the analyst queue on the Mission Control page scoped to the selected finding rule. |
Top findings sources | Displays the top 10 findings by src, including a total count, a count per correlation and domain, and a sparkline to represent activity spikes over time. The drilldown opens the analyst queue on the Mission Control page scoped to the selected finding source. |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0