Monitor your security posture using the InfoSec app for Splunk
Use the Security Posture dashboard for a high-level view of your security posture.
Security posture indicators that report on events hosts and accounts
For an immediate view of the state of your environment compared to the previous 24 hours, use the first two panels of indicators. These provide information on the statistical counts of events and the number of detected hosts and devices.
Use the indicators that display the statistical counts of events on the Security posture dashboard to track the number of events from intrusion detection systems (IDS), antivirus, and malware systems. Each indicator shows the current state, with an arrow identifying the rate of change (positive, neutral, or negative) and the previously recorded statistic from the previous 24 hours.
Use the indicators that display the hosts, devices, and accounts to monitor the number of detected hosts, devices, and accounts being monitored on the Security Posture dashboard. Each indicator also includes the 24-hour trend and previous results for comparative purposes. Clicking on any of these indicators opens a new dashboard with more detailed information.
Security posture dashboards that report on intrusion alerts
Use the following three dashboards within the Security Posture dashboard to break down the reporting of the intrusion alerts into a statistical count:
- Intrusion Alerts by Severity classifies the intrusion alerts by severity
- Intrusion Alerts over Time provides a 24-hour view of the intrusion alerts over time
- Top 10 High Severity Intrusion Alerts indicates the top 10 critical intrusion alerts charted over the same 24-hour window
Click any of these dashboards to get more detail on your IDS.
Security posture dashboards that report on accounts and assets
Use the punch-card-style dashboards within the Security Posture dashboard to provide a swim-lane view of the type and count of events that are detected against the assets and identities within your organization over the past 24 hours. You can use these dashboards to quickly identify bursts of activity that might need an investigation.
You must install and enable the punch card visualization within your Splunk platform instance for these dashboards to populate. If you see the message "No matching visualization found for type: punchcard, in app: punchcard_app", the punch card visualization might not be installed or enabled.
To install the Splunk InfoSec app, review Install the InfoSec app for Splunk in the Installation Guide.
Overview of the InfoSec app for Splunk
Monitor your environment continuously using the InfoSec app for Splunk
This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0