Splunk® Enterprise Security

Administer Splunk Enterprise Security

Display annotations for findings and investigations in Splunk Enterprise Security

View the annotations associated with findings to help with root cause analysis during the various phases of an investigation. Annotations for findings are displayed in the side panel when you select a finding or an investigation from the Analyst queue on the Mission Control page.

Follow these steps to view the annotations for findings and investigations:

  1. In the Splunk Enterprise Security app, go to the Analyst queue on the Mission Control page to view a list of all findings and investigations.
  2. Locate the finding for which you want to view the annotations.
  3. Select the finding to open the details of the finding in the side panel.
  4. In the side panel, go to the information details to view the annotations.
    The following figure shows the MITRE annotations displayed for the finding.
    [Figure: Finding side panel to review annotations for a finding.]

When findings or finding groups become an investigation, the annotations from multiple findings might appear side by side. Additionally, visualizations such as Risk Timeline and Threat Topology also display the MITRE annotations.


See also

For more information on how to access the risk timeline and the threat topology visualizations, see the product documentation:

Last modified on 22 August, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1

