Latest Version 4.0.0
April 11, 2024
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on asset, identity, or file/process values. Tabs for individual data models, such as malware, network traffic, and certificates, are set up for easy viewing and let the analyst pivot between these views on a specific entity without having to open multiple dashboards and enter criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.