Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

The Content Overview dashboard

The Content Overview dashboard is an important part of the Analytics Advisor suite. It takes into account what data you have in your environment and what searches are active, and helps you see what content you can use next. To use this dashboard, from the main menu click Analytics Advisor > Content Overview. Each number in this dashboard represents a step in using the dashboard.

  1. The Available Content panel gives you a high-level view of how your environment compares to the available content. You can switch between the tabs to change the visualization, and click the Split by field to show different dimensions. Everything in this panel is clickable and lets you drill down further.
  2. The Selected Content panel contains further filters that allow you to drill into individual pieces of content.
  3. The View Content panel lets you view full details of the selection inside the Security Essentials general content page.

Content in this dashboard labeled Active is enabled in your environment. Content labeled Available can be enabled with data already in Splunk. Content labeled Needs data is missing the data needed to support it.

Last modified on 05 January, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0

