Splunk® App for SOAR

Use Splunk App for SOAR

Use the SOAR Container Overview dashboard

Use the dashboard available from the SOAR Container Overview dropdown to get a summary of all the containers in your Splunk SOAR instances.

The SOAR Container Overview dashboard contains many different visualizations that are helpful for monitoring the containers in your Splunk SOAR instances:

  • New Containers: This visualization shows the number of available containers.
  • Open Containers: This visualization shows the number of open containers.
  • Resolved Containers: This visualization shows the number of resolved containers.
  • Average Container Duration: This visualization shows the average duration containers have remained open.
  • Average Resolution Time: This visualization shows the average duration containers have remained open before being closed.
  • Containers by Status: This visualization shows the number of containers as a percentage by status.
  • Highest Container Duration Time by Analyst: This visualization shows which containers have remained open the longest by analyst.
  • Analyst Performance: This table shows performance metrics for each analyst.
  • Longest Container Duration - Table: This table shows the containers that have remained open the longest.
  • Longest Container Duration: This visualization shows the containers that have remained open the longest.

Filter information in the SOAR Container Overview dashboard

Use the dropdowns and fields in the SOAR Container Overview dashboard to filter the information you can see. All filters work together. For example, if you select Last 24 hours and low severity only, and there were no low severity containers in the last 24 hours, the dashboard has no data to display.

  • Last 24 hours: Use this dropdown to specify the time period for information you want to display in the dashboard.
  • Index Prefix: Use this dropdown to specify the Splunk SOAR instances whose information you want to display in the dashboard.
  • Analyst: Use this dropdown to specify the analysts whose information you want to display in the dashboard.
  • Container Type: Use this field to enter the types of containers whose information you want to display in the dashboard.
  • Sensitivity: Use this field to enter the sensitivity of containers whose information you want to display in the dashboard.
  • Severity: Use this field to enter the severity of containers whose information you want to display in the dashboard. You can include custom severity levels created in Splunk SOAR. See note below.
  • Label: Use this dropdown to specify the labels for containers whose information you want to display in the dashboard.
  • Status: Use this field to enter the status of containers whose information you want to display in the dashboard.

For information on custom severity names, see Create custom severity names for Splunk SOAR (Cloud) or Create custom severity names for Splunk SOAR (On-premises).

Last modified on 29 February, 2024

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.57, 1.0.67

