Splunk® InfoSec App

User Guide

Investigate behaviors using the InfoSec app for Splunk

Access the User Investigation and Host Investigation dashboards by drilling down from one of the other dashboards within the InfoSec app for Splunk. Alternatively, navigate to the dashboards directly and search using the provided filters. Select any data shown in these two dashboards to drill down to that user or host, or to display the results of the underlying Splunk search.

Use the following dashboards in the InfoSec app to investigate user- and host-based behaviors and actions:

Investigate user behavior

Use the User Investigation dashboard to investigate user activity using the following information:

  • User information
  • User access by source
  • Access over time by action
  • Access by source
  • Authentication map that shows up to 250 authentication destinations
  • The 100 most recent events

Investigate host behavior

Use the Host Investigation dashboard to investigate host activity using the following information:

  • Network communications
  • Network communications map
  • Authentications and changes
  • Malware and intrusion

Last modified on 25 February, 2021

This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0
