Splunk® App for SOAR

Use Splunk App for SOAR



This documentation does not apply to the most recent version of Splunk® App for SOAR. For documentation on the most recent version, go to the latest release.

Use the SOAR Container Overview dashboard

Use the dashboard available from the SOAR Container Overview dropdown to get a summary of all the containers in your Splunk SOAR instances.

The SOAR Container Overview dashboard contains many different visualizations that are helpful for monitoring the containers in your Splunk SOAR instances:

  • New Containers: This visualization shows the number of available containers.
  • Open Containers: This visualization shows the number of open containers.
  • Resolved Containers: This visualization shows the number of resolved containers.
  • Average Container Duration: This visualization shows the average duration containers have remained open.
  • Average Resolution Time: This visualization shows the average duration containers have remained open before being closed.
  • Containers by Status: This visualization shows the number of containers as a percentage by status.
  • Highest Container Duration Time by Analyst: This visualization shows which containers have remained open the longest by analyst.
  • Analyst Performance: This table shows performance metrics for each analyst.
  • Longest Container Duration - Table: This table shows the containers that have remained open the longest.
  • Longest Container Duration: This visualization shows the containers that have remained open the longest.

Filter information in the SOAR Container Overview dashboard

Use the dropdowns and fields in the SOAR Container Overview dashboard to filter what information you can see.

  • Last 24 hours: Use this dropdown to specify the time period for information you want to display in the dashboard.
  • Index Prefix: Use this dropdown to specify the Splunk SOAR instances whose information you want to display in the dashboard.
  • Analyst: Use this dropdown to specify the analysts whose information you want to display in the dashboard.
  • Container Type: Use this field to enter the types of containers whose information you want to display in the dashboard.
  • Sensitivity: Use this field to enter the sensitivity of containers whose information you want to display in the dashboard.
  • Severity: Use this field to enter the severity of containers whose information you want to display in the dashboard.
  • Label: Use this dropdown to specify the labels for containers whose information you want to display in the dashboard.
  • Status: Use this field to enter the status of containers whose information you want to display in the dashboard.
Last modified on 27 February, 2024

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41

