Splunk Lantern

Searching investigation artifacts with the Analyst queue in Enterprise Security 8.0

 

You are a Splunk Enterprise Security user or SOC analyst interested in improving your ability to search and manage investigation artifacts. You want to understand the changes in Splunk Enterprise Security 8.0 that encompass investigation workflows, the Analyst queue, and integration with Splunk SOAR for enhanced case management capabilities.

Solution

This video shows you:

  • How the Analyst queue in Splunk Enterprise Security 8.0 replaces the previous investigation workbench, streamlining the management of investigations and findings.
  • The updated workflow for accessing investigation artifacts, which now appear in the Analyst queue with an enhanced side panel for detailed information.
  • New features in the Analyst queue, such as the ability to add notes with text, attachments, images, and URLs to investigations.
  • How to use the Analyst queue to access response plans and threat intelligence from Splunk Mission Control, with additional capabilities for SOAR-enabled environments.
  • Integration details for Splunk SOAR, enabling automation features that enhance case management workflows.

Next steps

This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

In addition, these resources might help you understand and implement this guidance: