Enterprise Security
Splunk App for Enterprise Security · v7.3.0
DAY 17 LAB · LAB 17 — TOUR SPLUNK ES · week 3
Tour every Splunk ES dashboard, menu, and concept.
- Click every top-level tab.
- Open every Security Domain (Access, Endpoint, Network, Identity).
- Find Risk Analysis, Threat Activity, Asset Investigator.
Hint: ES is built on Splunk Core — every panel runs SPL underneath.
Security Posture
Key Security Indicators · click a tile to drill into Incident Review
Notable Events By Urgency
| urgency | count |
|---|---|
| critical | 3 |
| high | 4 |
| medium | 2 |
| low | 1 |
| informational | 0 |
Notable Events Over Time
Top Notable Events
| rule_name | count |
|---|---|
| Brute Force - Failed Logins | 1 |
| Suspicious PowerShell EncodedCommand | 1 |
| Threat Match - Network | 1 |
| Lateral Movement - PsExec | 1 |
| Mass File Encryption | 1 |
| Phishing URL Clicked | 1 |
Top Sources
| src | count |
|---|---|
| 10.4.12.50 | 3 |
| 10.4.12.91 | 3 |
| 203.0.113.42 | 1 |
| 10.2.7.110 | 1 |
| Toronto/Berlin | 1 |