Observations dashboards
The Observations dashboards are a set of six dashboards that give you more insight into the analysis that Splunk Attack Analyzer performs. To navigate to the Observations dashboards, follow these steps:
- Select Observations.
- Choose the name of your desired dashboard.
The Observations dashboards contain the following dashboards and panels.
Credential Phishing and Malware dashboard
The Credential Phishing and Malware dashboard shows an overview of the phishing and malware detected by Splunk Attack Analyzer. You can filter this dashboard by time range and job ID.
Dashboard panels
Panel | Description |
---|---|
Phish Brand Total | Displays the number of phished brands observed by Splunk Attack Analyzer over your selected time range. |
Phished Brands Over Selected Time | Displays a bar graph of the number of phished brands observed by Splunk Attack Analyzer over your selected time range. |
Phished Brands Observed | Displays a radial chart that shows the various phished brands observed over your selected time range. |
Phish Kit Total | Displays the number of phish kits observed by Splunk Attack Analyzer over your selected time range. |
Phish Kit Families Over Selected Time | Displays a bar graph of the number of phish kit families observed by Splunk Attack Analyzer over your selected time range. The drilldown for this panel opens the Phish Kits dashboard. |
Phish Kit Family Observed | Displays a radial chart that shows the various phish kit families observed over your selected time range. |
Malware Total | Displays the amount of malware observed by Splunk Attack Analyzer over your selected time range. |
Malware Over Selected Time | Displays a bar graph of the amount of malware observed by Splunk Attack Analyzer over your selected time range. The drilldown for this panel opens the Malware dashboard. |
Malware Observed | Displays a radial chart that shows the various types of malware observed over your selected time range. |
Phished Brands dashboard
The Phished Brands dashboard shows data about phish brands observed by Splunk Attack Analyzer. You can filter this dashboard by time range, job ID, and phished brand.
Dashboard panels
Panel | Description |
---|---|
Phish Brand Total | Displays the number of phished brands observed by Splunk Attack Analyzer over your selected time range. |
Phished Brands Observed | Displays a radial chart that shows the various phished brands observed over your selected time range. |
Phished Brands Observed Over Time | Displays a bar graph of the number of phished brands observed by Splunk Attack Analyzer over your selected time range. You can also filter this graph by the type of phished brand. |
Job ID to Phish Brand | Displays the link between a job ID and a certain phish brand. The drilldown for this panel opens the Resources Analyzed dashboard. |
Phish Kits dashboard
The Phish Kits dashboard shows data about phish kits observed by Splunk Attack Analyzer. You can filter this dashboard by time range, job ID, and type of phish kit.
Dashboard panels
Panel | Description |
---|---|
Phish Kit Total | Displays the number of phish kits observed by Splunk Attack Analyzer over your selected time range. |
Phish Kit Family Observed | Displays a radial chart that shows the various phish kit families observed over your selected time range. |
Phish Kits Observed Over Time | Displays a bar graph of the number of phish kits observed by Splunk Attack Analyzer over your selected time range. You can also filter this graph by the type of phish kit. |
Job ID to Phish Kit | Displays the link between a job ID and a certain phish kit. The drilldown for this panel opens the Resources Analyzed dashboard. |
Malware Families dashboard
The Malware Families dashboard shows data about malware observed by Splunk Attack Analyzer. You can filter this dashboard by time range, job ID, and malware family.
Dashboard panels
Panel | Description |
---|---|
Malware Total | Displays the amount of malware observed by Splunk Attack Analyzer over your selected time range. |
Malware Observed | Displays a radial chart that shows the various types of malware observed over your selected time range. |
Malware Observed Over Time | Displays a bar graph of the amount of malware observed by Splunk Attack Analyzer over your selected time range. You can also filter this graph by the type of malware. |
Job ID to Malware | Displays the link between a job ID and a certain malware type. The drilldown for this panel opens the Resources Analyzed dashboard. |
MITRE ATT&CK dashboard
The MITRE ATT&CK dashboard shows data about MITRE ATT&CK information observed by Splunk Attack Analyzer. You can filter this dashboard by time range and job ID.
To view data on the MITRE ATT&CK dashboard, you must have configured the splunk:aa:forensic:mitreattacks source type. For more information about source types and configuring source types, see Source types for the Splunk Add-on for Splunk Attack Analyzer and Configure a completed jobs input in the Splunk Add-on for Splunk Attack Analyzer User Guide.
Dashboard panels
Panel | Description |
---|---|
MITRE ATT&CK Observation by SAA_JOB_ID | Displays a table that shows the tactic, technique, MITRE ID, and sub-technique for the job ID. The drilldown for this panel opens the Resources Analyzed dashboard. |
SAA_JOB_ID Link Resources Analyzed | Displays the link between a job ID, tactic, MITRE ID, technique, and sub-technique. The drilldown for this panel opens the Resources Analyzed dashboard. |
Resources Analyzed dashboard
The Resources Analyzed dashboard shows a table with job data from Splunk Attack Analyzer. You can filter this dashboard by time range and job ID. The drilldown for this chart opens the job page in Splunk Attack Analyzer for the specific job that you select from the table.
This documentation applies to the following versions of Splunk® App for Splunk Attack Analyzer: 1.1.0, 1.1.1, 1.2.0