Splunk® App for PCI Compliance

User Manual

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Review an investigation in

Revisit past investigations, or view a current investigation by clicking the title from the investigation bar or from the Investigations dashboard. Users with the capability to manage all investigations can view all investigations. Only collaborators on an investigation with write permissions can edit an investigation.

You can also review the summary of an investigation. See Review the summary of an investigation in .

Review an entry's investigation for training or research purposes. Click an entry on an investigation to see all details associated with it.

  • For notes with file attachments, click the file name to download the file attachment.
  • For notable events, click View on Incident Review to open the Incident Review dashboard filtered on that specific notable event.
  • For action history entries, you can repeat the previously-performed action. For a search action history entry, click the search string to open it in search. For a dashboard action history entry, click the dashboard name to view the dashboard.

This screen image shows a note on the timeline titled Note:Server 003 has malware. The note title and description display in the center of the screen. At the bottom of the screen, a timeline shows the status of the investigation with words and a different color. The timeline in this screenshot is contracted, so only the letters "tat" are visible instead of "Status: In Progress".

Gain insight into an attack or investigation by viewing the entire timeline of the investigation or view only part of it by expanding or contracting the timeline.

Click the timeline to move it and scan the entries. View a chronological list of all timeline entries by clicking the list icon, or refine your view of the timeline using filters. You can filter by type or use the Filter box to filter by title.

Review the status history of an investigation

You can review the status history of an investigation visually on the investigation timeline. The timeline changes color to reflect changes in status assignments. The color does not relate directly to the status of the investigation, and is automatically assigned. The colors cannot be changed, customized, or removed.

Last modified on 14 February, 2022
Collaborate on an investigation in
Share or print an investigation in

This documentation applies to the following versions of Splunk® App for PCI Compliance: 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.2.0, 5.3.0, 5.3.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters