We are thrilled to announce the latest innovations to Splunk Enterprise Security (ES) 7.0 - now available on Splunkbase!

ES 7.0 continues to improve on capabilities released in 6.6, while launching new features essential to the modern SOC. Let’s get right into it!

Executive Summary Dashboard

The new Executive Summary Dashboard surfaces key performance indicators that provide insights on the overall health of the SOC and facilitate reporting to CISOs and other senior leaders. This allows you to quickly access key insights such as:

Similar to the Executive Summary Dashboard, the Security Operations Dashboard shares key insights but provides deeper analysis capabilities designed for SOC managers and team leads. These deeper insights allow for analysis of assigned notables and analyst workflows, and notable dispositions.

ES 6.6 introduced a dispositions feature of incident review that allowed you to record whether an event was a true positive, false positive, or benign positive. Now, with 7.0 you can see and report on this data over time, and get a deep dive into exactly which correlation sources contribute to each of the 4 default disposition types. This will allow your team to decide which should be expanded on and which are eligible to be retired.

Check out this demo from .conf21 for a brief overview of the Executive Summary and Security Operations dashboards.