Splunk Lantern

Visualizations and reporting

 

Traditional security monitoring tools often cannot build well-configured dashboards or visualizations that make data intelligible. Splunk Enterprise Security and Splunk Security Essentials provide visualizations and reports that give full visibility of an organization’s environment, improve incident investigation and response capabilities, and help you ensure that your security posture is up to date.

What are the benefits of effective visualizations and reporting?

You can use reports and visualizations to monitor trends and respond faster. Viewing trends through a single pane of glass is valuable for both analysts and managers: it helps reduce dwell and resolution times and provides real-time insights. For example, the Executive Summary Dashboard in Splunk Enterprise Security provides quick access to the following information:

  • Mean time to triage
  • Mean time to resolution
  • Investigations created
  • Risk-based alerting trends

What are best practices around visualizations and reporting?

A well-configured visualization or report should allow you to view threats and incidents that are trending up or down. You should be able to produce and show current results and trends in order to review incidents, assess your security posture, and make better decisions. Summary and trends dashboards in Splunk Enterprise Security simplify implementing these best practices.

What processes can I put in place to enhance my visualizations and reports?  

These resources will help you implement this guidance:

  • Reporting on MOVEit automation activities
    Progress MOVEit Automation provides a simple but powerful user interface for defining business workflows that anyone on your IT team can use. Learn how to report on automation activities using Splunk Enterprise.
  • Reporting on MOVEit transfer activities
    MOVEit Transfer supports the exchange of files and data between servers, systems and applications within and between organizations, as well as between groups and individuals using a common shared folder with simple browser access for users. Learn how to report on transfer activities using Splunk Enterprise.