Use the Identity Center dashboard to review and search for objects in the identity data added to Splunk. This table drives the correlation between user identity data and event data captured from the PCI resources sending data to Splunk. Identity data represents a list of account names, legal names, nicknames, and alternate names, along with other associated information about each identity.
Filtering Identities in Identity Center
The filter for the Identity Center dashboard uses a key=value pair search field. To filter identities, enter a key=value pair instead of a name or text string.
Some sample key=value pairs are email=*acmetech.com or nick=a_nickname.
Use the available dashboard filters to refine the results displayed on the dashboard panels.
|Username||A known or unknown user||Text field. Empty by default. Wildcard strings with an asterisk (*)|
|Priority||Filter by the Priority field in the Identities table||Drop-down by Priority.|
|Business Unit||A group or department classification for the identity.||Text field. Empty by default. Wildcard strings with an asterisk (*)|
|Category||Filter by the Category field in the Identities table.||Drop-down by Category.|
|Watchlisted Identities Only||Filter by the identities tagged as "watchlist" in the Identities table.||Drop-down: select to filter by|
|Time Range||Select the time range to represent.||Drop-down: select to filter by|
|Identities by Priority||Displays the count of Identities by priority level. The drilldown opens a search with the selected priority level.|
|Identities by Business Unit||Displays the relative number of Identities by business unit. The drilldown opens a search with the selected business unit.|
|Identities by Category||Displays the relative number of Identities by category. The drilldown opens a search with the selected category.|
|Identity Information||Shows a list of identities active in the PCI compliance environment, with details from the Identity table. Click "View full results" for more information about the event. The drilldown opens the Identity Investigator dashboard if the |
The reports in the Identity Center dashboard reference fields in the Asset and Identities data model. Relevant data sources include lists of assets and identities collected and loaded as lookups, scripted inputs, or search extracted data.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0