Splunk® Security Essentials

Use Splunk Security Essentials

The Cyber Kill Chain dashboard

The Cyber Kill Chain dashboard includes a custom visualization that shows which content is tied to each part of the Cyber Kill Chain. The dashboard takes into account the data and active content in your environment to help you choose new Cyber Kill Chain content. Each number in this dashboard represents a piece of content. Content is labelled by status: Active means that the content is activated in your environment, Available means that the content can be activated with data already in Splunk, and Needs data means that the data to support the content is missing in Splunk.

Before you use the Cyber Kill Chain dashboard, configure the Data Inventory dashboard and Content Mapping. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Mapping.

Available Content

In the Kill Chain View, the Cyber Kill Chain tab shows the coverage in your environment against the Kill Chain steps. You can adjust which numbers are displayed in the Cyber Kill Chain visualization to show Active or Available content.

The Chart View shows at a high level how your environment stacks up against the available content and the Cyber Kill Chain. You can switch between the tabs to change the visualization.

Selected Content

The Selected Content panel contains further filters that let you drill into individual pieces of content.

View Content

The View Content panel allows you to go directly to the full details of the selection on the Security Essentials general content page.

Last modified on 03 July, 2023

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1

