Available dashboards in Splunk Enterprise Security

Splunk Enterprise Security includes more than 100 dashboards that provide integrated views and communicate key data that you can customize and share with intended end users. Use Splunk Enterprise Security dashboards to identify and analyze findings and investigations, reveal insights in your events, accelerate investigations, monitor the status of various security domains, and audit your investigations and your Splunk Enterprise Security deployment.

Finding and investigation overview dashboards

You can identify and investigate findings with a suite of dashboards and workflows. Splunk Enterprise Security uses event-based detections to identify and investigate findings in your environment. See the following dashboards:

Security intelligence dashboards

You can accelerate your investigations with specific types of intelligence using security intelligence dashboards.

  • The Risk analysis dashboard allows you to assess the risk scores of systems and users across your network and identify particularly risky devices and users posing a threat to your environment. See Risk analysis dashboard.
  • The Protocol intelligence dashboards use packet capture data from stream capture apps to provide network insights that are relevant to your security investigations. Identify suspicious traffic, DNS activity, and email activity, and review the connections and protocols in use in your network traffic. See Protocol intelligence dashboards.
  • The Threat intelligence dashboards use the threat intelligence sources included in Splunk Enterprise Security and custom sources that you configure to provide context to your investigations and identify known malicious actors in your environment. See Threat intelligence dashboards.
  • The User intelligence dashboards allow you to investigate and monitor the activity of users and assets in your environment. See Asset and identity investigator dashboards and User activity dashboard.
  • The Web intelligence dashboards help you analyze web traffic in your network and identify notable HTTP categories, user agents, new domains, and long URLs. See Web intelligence dashboards.

Security domain dashboards

Security domain dashboards provided with Splunk Enterprise Security allow you to monitor the events and status of important security domains. You can review the data summarized on the main dashboards, and use the search dashboards for specific domains to investigate the raw events.

  • The Access domain dashboards display authentication and access-related data, such as login attempts, access control events, and default account activity. See Access dashboards.
  • The Endpoint domain dashboards display endpoint data relating to malware infections, patch history, system configurations, and time synchronization information. See Endpoint dashboards.
  • The Network domain dashboards display network traffic data provided by devices such as firewalls, routers, network intrusion detection systems, network vulnerability scanners, proxy servers, and hosts. See Network dashboards, Web center and network changes dashboards, and Port and protocol tracker dashboard.
  • The Identity domain dashboards display data from your asset and identity lists as well as the types of sessions in use. See Asset and identity dashboards.

Audit dashboards

The audit dashboards provide insight into background processes and tasks performed by Splunk Enterprise Security. Some audit dashboards allow you to review actions taken by users in Splunk Enterprise Security, while others provide insight into your deployment and the status of your data models and content use. See Audit dashboards.

Cloud security dashboards

You can explore your cloud security environment by displaying visualizations from your Amazon Web Services (AWS) and Microsoft 365 environments using the Cloud security dashboards. You can access the dashboards through the cloud security menu and use them for insights into potential security issues such as errors, unusual events, unintended access, and suspicious activity.


Last modified on 22 August, 2024
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1

