Traditional security monitoring tools often cannot build well-configured dashboards or visualizations that make data intelligible. Splunk Enterprise Security and Splunk Security Essentials provide visualizations and reports that give full visibility of an organization’s environment, improve incident investigation and response capabilities, and help you ensure that your security posture is up to date.
What are the benefits of effective visualizations and reports?
You can use reports and visualizations to monitor trends and respond faster. Viewing trends through a single pane of glass is a powerful tool for both analysts and managers, helping to reduce dwell and resolution times and providing real-time insights. For example, the Executive Summary Dashboard in Splunk Enterprise Security provides quick access to the following information:
- Mean time to triage
- Mean time to resolution
- Investigations created
- Risk-based alerting trends
What are best practices around visualizations and reporting?
A well-configured visualization or report should allow you to view threats and incidents that are trending up or down. You should be able to produce and show current results and trends so that you can review incidents, assess your security posture, and make better decisions. Summary and trends dashboards in Splunk Enterprise Security simplify implementing these best practices.
What processes can I put in place to enhance my visualizations and reports?
Splunk recommends following the Prescriptive Adoption Motion: Visualizations & Reports. This guide walks you step by step through working with built-in dashboards in Splunk Enterprise Security that provide real-time visibility into security events.
These resources will help you implement this guidance:
- Getting Started Guide: Setting up dashboards and reporting in ES
- Blog: Speeding detection, investigation, and response with Splunk for Security