Use the SOAR Container Overview dashboard
Use the dashboard available from the SOAR Container Overview dropdown to get a summary of all the containers in your Splunk SOAR instances.
The SOAR Container Overview dashboard contains many different visualizations that are helpful for monitoring the containers in your Splunk SOAR instances:
- New Containers: This visualization shows the number of available containers.
- Open Containers: This visualization shows the number of open containers.
- Resolved Containers: This visualization shows the number of resolved containers.
- Average Container Duration: This visualization shows the average duration containers have remained open.
- Average Resolution Time: This visualization shows the average duration containers have remained open before being closed.
- Containers by Status: This visualization shows the number of containers as a percentage by status.
- Highest Container Duration Time by Analyst: This visualization shows which containers have remained open the longest by analyst.
- Analyst Performance: This table shows performance metrics for each analyst.
- Longest Container Duration - Table: This table shows the containers that have remained open the longest.
- Longest Container Duration: This visualization shows the containers that have remained open the longest.
Filter information in the SOAR Container Overview dashboard
Use the dropdowns and fields in the SOAR Container Overview dashboard to filter the information you can see. All filters work together. For example, if you select Last 24 hours and low severity only, and there were no low severity containers in the last 24 hours, the dashboard has no data to display.
- Last 24 hours: Use this dropdown to specify the time period for information you want to display in the dashboard.
- Index Prefix: Use this dropdown to specify the Splunk SOAR instances whose information you want to display in the dashboard.
- Analyst: Use this dropdown to specify the analysts whose information you want to display in the dashboard.
- Container Type: Use this field to enter the types of containers whose information you want to display in the dashboard.
- Sensitivity: Use this field to enter the sensitivity of containers whose information you want to display in the dashboard.
- Severity: Use this field to enter the severity of containers whose information you want to display in the dashboard. You can include custom severity levels created in Splunk SOAR. See note below.
- Label: Use this dropdown to specify the labels for containers whose information you want to display in the dashboard.
- Status: Use this field to enter the status of containers whose information you want to display in the dashboard.
For information on custom severity names, see Create custom severity names for Splunk SOAR (Cloud) or Create custom severity names for Splunk SOAR (On-premises).
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.57, 1.0.67, 1.0.71