Visualizations and Reports
Both Splunk Enterprise Security and Splunk Security Essentials provide visualizations and reports that help you ensure that your security posture is up to date.
A well-configured visualization or report should allow you to view threats and incidents that are trending up or down. The ability to view trends through a single pane of glass is a powerful tool for both managers and analysts, helping to reduce dwell and resolution times.
What are the benefits of effective visualizations and reports?
You can use reports and visualizations to monitor trends and respond faster. They are also a great way to provide real-time insights for management. For example, the Executive Summary Dashboard in Splunk Enterprise Security provides quick access to the following information:
- Mean Time to Triage
- Mean Time to Resolution
- Investigations Created
- Risk Based Alerting Trends
What are best practices around visualizations and reporting?
You should be able to produce and show current results and trends in order to assess your security posture and to make better decisions.
- Summary and trends dashboard
- Current security posture
- Incident review
What processes can I put in place to enhance my visualizations and reports?
These resources will help you implement this guidance:
- Getting Started Guide: Setting up dashboards and reporting in ES
- Blog: Speeding detection, investigation, and response with Splunk for Security