Skip to main content
 
Splunk Lantern

Visualizations and reporting

 

Traditional security monitoring tools often cannot build well-configured dashboards or visualizations to help make data intelligible. Splunk Enterprise Security and Splunk Security Essentials provide visualizations and reports that help provide full visibility of an organization’s environment, improve incident investigation and response capabilities, and help you ensure that your security posture is up-to-date.

What are the benefits of effective visualizations and reporting?

You can use reports and visualizations to monitor trends and respond faster. Viewing trends through a single pane of glass is a powerful tool for both analysts and managers, helping to reduce dwell and resolution times and providing real-time insights. For example, the Executive Summary Dashboard in Splunk Enterprise Security provides quick access to the following information: 

  • Mean time to triage
  • Mean time to resolution
  • Investigations created
  • Risk-based alerting trends

What are best practices around visualizations and reporting?

A well-configured visualization or report should allow you to view threats and incidents that are trending up or down. You should be able to produce and show current results and trends in order to review incidents, assess your security posture, and make better decisions. Summary and trends dashboards in Splunk Enterprise Security simplify implementing these best practices.

What processes can I put in place to enhance my visualizations and reports?  

These resources will help you implement this guidance: