Use the SOAR Container Overview dashboard
Use the dashboard available from the SOAR Container Overview dropdown to get a summary of all the containers in your Splunk SOAR instances.
The SOAR Container Overview dashboard contains many different visualizations that are helpful for monitoring the containers in your Splunk SOAR instances:
- New Containers: This visualization shows number of available containers.
- Open Containers: This visualization shows the number of open containers.
- Resolved Containers: This visualization shows the number of resolved containers.
- Average Container Duration: This visualization shows the average duration containers have remained open.
- Average Resolution Time: This visualization shows the average duration containers have remained open before being closed.
- Containers by Status: This visualization shows the number of containers as a percentage by status.
- Highest Container Duration Time by Analyst: This visualization shows which containers have remained open the longest by analyst.
- Analyst Performance: This table shows performance metrics for each analyst.
- Longest Container Duration - Table: This table shows the containers that have remained open the longest.
- Longest Container Duration: This visualization shows the containers that have remained open the longest.
Filter information in the SOAR Container Overview dashboard
Use the dropdowns and fields in the SOAR Container Overview dashboard to filter what information you can see.
- Last 24 hours: Use this dropdown to specify the time period for information you want to display in the dashboard.
- Index Prefix: Use this dropdown to specify the Splunk SOAR instances whose information you want to display in the dashboard.
- Analyst: Use this dropdown to specify the analysts whose information you want to display in the dashboard.
- Container Type: Use this field to enter the types of containers whose information you want to display in the dashboard.
- Sensitivity: Use this field to enter the sensitivity of containers whose information you want to display in the dashboard.
- Severity: Use this field to enter the severity of containers whose information you want to display in the dashboard.
- Label: Use this dropdown to specify the labels for containers whose information you want to display in the dashboard.
- Status: Use this field to enter the status of containers whose information you want to display in the dashboard.
Use the Automation Insights dashboards | Use the Container Insights dashboards |
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41
Feedback submitted, thanks!