Splunk® Enterprise Security

Use Splunk Enterprise Security

Security posture dashboard

The Security posture dashboard is designed to provide high-level insight into the findings across all domains of your deployment, suitable for display in a security operations center (SOC). This dashboard shows all events from the past 24 hours, along with the trends over the past 24 hours, and provides real-time event information and updates.

Dashboard panels

Panel Description
Key indicators Displays the count of findings by security domain over the past 24 hours.
Findings by urgency Displays the findings by urgency in the last 24 hours.
Findings by urgency uses an urgency calculation based on the priority assigned to the asset and the severity assigned to the detection. The drilldown opens the analyst queue on the Mission Control page, showing all findings with the selected urgency in the last 24 hours.
Findings over time Displays a timeline of findings by security domain. The drilldown opens the analyst queue on the Mission Control page, showing all findings in the selected security domain and time frame.
Top findings Displays the top findings by rule name, including a total count and a sparkline to represent activity spikes over time. The drilldown opens the analyst queue on the Mission Control page scoped to the selected finding rule.
Top findings sources Displays the top 10 findings by src, including a total count, a count per correlation and domain, and a sparkline to represent activity spikes over time. The drilldown opens the analyst queue on the Mission Control page scoped to the selected finding source.
Last modified on 30 August, 2024
Prerequisites to use cloud security dashboards   Executive summary dashboard

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters