Splunk App for Enterprise Security · v7.3.0
DAY 29 LAB · LAB 29 — BUILD A CISO DASHBOARD · week 4
Build a CISO dashboard — 4 KPIs the board cares about.
- Open Posture.
- Identify the 4 strategic KPIs.
- Sketch: 4 KPI tiles (current + 30d trend) + risk heatmap + incidents-by-month.
Hint: MTTD, MTTR, % auto-resolved, ATT&CK coverage — those are board metrics. Trends > snapshots.
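The "current + 30d trend" tile computed for the four KPIs in the hint, as an added Python example that is not part of the lab or of Splunk ES. The incident records, field names and tracked technique list are constructed assumptions, and ATT&CK coverage is approximated here as the share of tracked techniques that had at least one detection fire in the window.

```python
from datetime import datetime, timedelta
from statistics import mean

NOW = datetime(2024, 6, 30)  # constructed "today" so results are reproducible

def _inc(days_ago, detect_h, resolve_h, auto, technique):
    """Build one constructed incident; every field name is an assumption."""
    occurred = NOW - timedelta(days=days_ago)
    detected = occurred + timedelta(hours=detect_h)
    return {"occurred": occurred, "detected": detected,
            "resolved": detected + timedelta(hours=resolve_h),
            "auto": auto, "technique": technique}

# Constructed sample data, not exported from Splunk.
INCIDENTS = [
    _inc(50, 10, 30, False, "T1110"),      # prior window
    _inc(40, 6, 18, False, "T1566.002"),   # prior window
    _inc(20, 4, 12, True, "T1110"),        # current window
    _inc(10, 2, 8, True, "T1059.001"),     # current window
    _inc(5, 3, 4, False, "T1021.002"),     # current window
]
# Assumed list of techniques the detection programme tracks.
TRACKED = {"T1110", "T1059.001", "T1021.002", "T1486", "T1566.002"}

def kpis(incidents, start, end):
    """KPIs for incidents detected in [start, end); None if the window is empty."""
    win = [i for i in incidents if start <= i["detected"] < end]
    if not win:
        return None
    def hours(a, b):  # mean gap between two timestamps, in hours
        return round(mean([(i[b] - i[a]).total_seconds() / 3600 for i in win]), 1)
    seen = {i["technique"] for i in win} & TRACKED
    return {"mttd_h": hours("occurred", "detected"),
            "mttr_h": hours("detected", "resolved"),
            "auto_pct": round(100 * sum(i["auto"] for i in win) / len(win), 1),
            "attack_cov_pct": round(100 * len(seen) / len(TRACKED), 1)}

def tiles(incidents, now, days=30):
    """Each KPI for the current window, the window before it, and the change."""
    cur = kpis(incidents, now - timedelta(days=days), now)
    prev = kpis(incidents, now - timedelta(days=2 * days), now - timedelta(days=days))
    if cur is None:
        return {}
    return {k: {"current": v, "prior": prev[k] if prev else None,
                "delta": round(v - prev[k], 1) if prev else None}
            for k, v in cur.items()}

if __name__ == "__main__":
    for name, tile in tiles(INCIDENTS, NOW).items():
        print(name, tile)
```

A negative delta is the good direction for MTTD and MTTR and the bad direction for the two percentages, so the tile colouring has to be set per KPI.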
Security Posture
Key Security Indicators · click a tile to drill into Incident Review
Notable Events By Urgency
| urgency | count |
|---|---|
| critical | 3 |
| high | 4 |
| medium | 2 |
| low | 1 |
| informational | 0 |
Notable Events Over Time
Top Notable Events
| rule_name | count |
|---|---|
| Brute Force - Failed Logins | 1 |
| Suspicious PowerShell EncodedCommand | 1 |
| Threat Match - Network | 1 |
| Lateral Movement - PsExec | 1 |
| Mass File Encryption | 1 |
| Phishing URL Clicked | 1 |
Top Sources
| src | count |
|---|---|
| 10.4.12.50 | 3 |
| 10.4.12.91 | 3 |
| 203.0.113.42 | 1 |
| 10.2.7.110 | 1 |
| Toronto/Berlin | 1 |