Splunk® App for PCI Compliance

User Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of PCI. Click here for the latest version.
Acrobat logo Download topic as PDF

Start an investigation in

You can start an investigation in several ways in .

After you start an investigation, you can investigate assets and identities using the investigation workbench, and start adding details to the investigation.

By default, users with the pci_admin and pci_analyst roles can start an investigation.

Start an investigation from the Investigations dashboard

Start an investigation from the Investigations dashboard.

  1. Click Create New Investigation.
  2. Type a title.
  3. (Optional) Select a status.
  4. (Optional) Type a description.
  5. Click Save.

Start an investigation from the investigation bar

When viewing dashboards in , you can see an investigation bar at the bottom of the page. You can use the investigation bar to track your investigation progress from any page in .

  1. Click the plus icon to create an investigation.
  2. Type a title.
  3. (Optional) Select a status.
  4. (Optional) Type a description.
  5. Click Save.

The investigation is loaded in the investigation bar.

Last modified on 09 July, 2020
Investigations in
Investigate a potential security incident on the investigation workbench in the

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters