Splunk® App for SOAR

Use Splunk App for SOAR

Use the Container Insights dashboards

Use the dashboards available in the Container Insights dropdown to see metrics about the containers in your Splunk SOAR instances. The SOAR Container Insights dashboard helps you understand what actions are running in particular containers on your Splunk SOAR instances, and the Container & Notes Search dashboard provides tables that allow you to find specific cases and notes. You can filter what information you see so that you can find the exact information you need, when you need it.

The SOAR Container Insights dashboard

Use the SOAR Container Insights dashboard to understand what actions are running in particular containers on your Splunk SOAR instances.

This dashboard contains many visualizations that are helpful for understanding the actions analysts take in particular containers on your Splunk SOAR instances:

  • Current Status: This visualization shows the current status of the container.
  • Duration: This visualization shows how long the container has been open.
  • Last Owner: This visualization shows the name of the last owner of the container.
  • Action Run: This table shows the actions run in the container.
  • Container Notes: This table shows notes associated with the container.
  • Task Notes: This table shows notes associated with each task.

Filter information in the SOAR Container Insights dashboard

All of the visualizations and tables are affected by the three dropdowns on the page: Last 7 days, Index Prefix, and Container ID (REQUIRED). Use those dropdowns to filter out unnecessary information and find what you need.

The Container & Notes Search dashboard

Use the Container & Notes Search dashboard to understand the cases and notes associated with particular containers on your Splunk SOAR instances.

This dashboard contains several tables that are helpful for understanding the cases and notes in particular containers on your Splunk SOAR instances:

  • Case Search Match: This table shows summaries of cases associated with particular containers.
  • Notes Search Match: This table shows summaries of notes associated with particular containers.
  • Case Search Match: This drilldown shows data for cases associated with particular containers.
  • Notes Search Match: This drilldown shows data for notes associated with particular containers.

Filter information in the SOAR Container Insights dashboard

All of the visualizations and tables are affected by the three dropdowns and five fields on the page: the Last 24 hours, Index Prefix, and Label dropdowns, and the Search, Container Type, Sensitivity, and Status fields. Use those to filter out unnecessary information and find what you need.

Last modified on 27 June, 2022

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.0, 1.0.38, 1.0.41, 1.0.57, 1.0.67, 1.0.71