Splunk App for Enterprise Security · v7.3.0
DAY 13 LAB · LAB 13 — BUILD A SOC DASHBOARD · week 2
Build a SOC dashboard — 4 panels, time picker, drilldowns.
- Open Posture → study the layout.
- Sketch your own: notables by urgency, 7d trend, top 10 sources, top 10 ATT&CK.
- Add a time picker token and drilldown to Incident Review.
Hint: Tokens + drilldowns turn a dashboard into an investigation tool.
Security Posture
Key Security Indicators · click a tile to drill into Incident Review
Notable Events By Urgency
| urgency | count |
|---|---|
| critical | 3 |
| high | 4 |
| medium | 2 |
| low | 1 |
| informational | 0 |
Notable Events Over Time
Top Notable Events
| rule_name | count |
|---|---|
| Brute Force - Failed Logins | 1 |
| Suspicious PowerShell EncodedCommand | 1 |
| Threat Match - Network | 1 |
| Lateral Movement - PsExec | 1 |
| Mass File Encryption | 1 |
| Phishing URL Clicked | 1 |
Top Sources
| src | count |
|---|---|
| 10.4.12.50 | 3 |
| 10.4.12.91 | 3 |
| 203.0.113.42 | 1 |
| 10.2.7.110 | 1 |
| Toronto/Berlin | 1 |