The Content Overview dashboard
The Content Overview dashboard is an important part of the Analytics Advisor suite. This dashboard takes into account what data you have in your environment and what searches are active, and helps you see what content you can use next. To use this dashboard, from the main menu click Analytics Advisor > Content Overview. Each number in this dashboard represents a step in using the dashboard.
- The Available Content panel gives you a high-level view of how your environment compares to the available content. You can switch between the tabs to change the visualization and click the Split by field to show different dimensions. Everything in this panel is clickable and allows you to drill down further.
- The Selected Content panel contains further filters that allow you to drill into individual pieces of content.
- The View Content panel lets you view full details of the selection inside the Security Essentials general content page.
Any content in this dashboard labeled Active means that you have content enabled in your environment. Content labeled Available means that you have content that can be enabled with data already in Splunk. Content labeled Needs data means that the data needed to support the content is missing.
This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0