Use the Container Insights dashboards
Use the dashboards available in the Container Insights dropdown to see metrics about the containers in your Splunk SOAR instances. The SOAR Container Insights dashboard helps you understand what actions are running in particular containers on your Splunk SOAR instances, and the Container & Notes Search dashboard provides tables that allow you to find specific cases and notes. You can filter what information you see so that you can find the exact information you need, when you need it.
The SOAR Container Insights dashboard
Use the SOAR Container Insights dashboard to understand what actions are running in particular containers on your Splunk SOAR instances.
This dashboard contains many visualizations that are helpful for understanding the actions analysts take in particular containers on your Splunk SOAR instances:
- Current Status: This visualization shows the current status of the container.
- Duration: This visualization shows how long the container has been open.
- Last Owner: This visualization shows the name of the last owner of the container.
- Action Run: This table shows the actions run in the container.
- Container Notes: This table shows notes associated with the container.
- Task Notes: This table shows notes associated with each task.
Filter information in the SOAR Container Insights dashboard
All of the visualizations and tables are affected by the three dropdowns on the page, the Last 7 days, Index Prefix, and Container ID (REQUIRED) dropdowns. Use those dropdowns to filter out unnecessary information and find what you need.
The Container & Notes Search dashboard
Use the Container & Notes Search dashboard to understand the cases and notes associated with particular containers on your Splunk SOAR instances.
This dashboard contains several tables that are helpful for understanding the cases and notes in particular containers on your Splunk SOAR instances:
- Case Search Match: This table shows summaries of cases associated with particular containers.
- Notes Search Match: This table shows summaries of notes associated with particular containers.
- Case Search Match: This drilldown shows data for cases associated with particular containers.
- Notes Search Match: This drilldown shows data for notes associated with particular containers.
Filter information in the SOAR Container Insights dashboard
All of the visualizations and tables are affected by the three dropdowns and five fields on the page, the Last 24 hours, Index Prefix, and Label dropdowns and the Search, Container Type, Sensitivity and Status fields. Use those to filter out unnecessary information and find what you need.
Use the SOAR Container Overview dashboard | Audit logs from Splunk SOAR instances using Splunk App for SOAR |
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67, 1.0.71
Feedback submitted, thanks!