Searching investigation artifacts with the Analyst queue in Enterprise Security 8.0
You are a Splunk Enterprise Security user or SOC analyst who wants to search and manage investigation artifacts more effectively. You want to understand the changes in Splunk Enterprise Security 8.0 to investigation workflows, the Analyst queue, and the integration with Splunk SOAR that provides enhanced case management capabilities.
Solution
This video shows you:
- How the Analyst queue in Splunk Enterprise Security 8.0 replaces the previous investigation workbench, streamlining the management of investigations and findings.
- The updated workflow for accessing investigation artifacts, which now appear in the Analyst queue with an enhanced side panel for detailed information.
- New features in the Analyst queue, such as the ability to add notes with text, attachments, images, and URLs to investigations.
- How to use the Analyst queue to access response plans and threat intelligence from Splunk Mission Control, with additional capabilities for SOAR-enabled environments.
- Integration details for Splunk SOAR, enabling automation features that enhance case management workflows.
Next steps
In addition, these resources might help you understand and implement this guidance:
- Splunk Docs: About Splunk Enterprise Security
- Product Tip: Installing and upgrading to Splunk Enterprise Security 8.x
- Product Tip: Using Enterprise Security 8.0 workflows
- Product Tip: Using risk-based alerting and detection in Enterprise Security 8.0
- Product Tip: Enabling auto-refresh on the Analyst queue in Enterprise Security