Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
SA-Investigator for Enterprise Security app icon

SA-Investigator for Enterprise Security

SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included. NOTE: If you modify any of the five investigators (views), any modifications will be written to the local directory. Upgrades will NOT overwrite the local directory so if you are upgrading, the local views will need to be deleted. To ensure you do not lost any customizations, please backup your local directory views prior to upgrading and then apply your modifications after upgrade.

Built by Splunk Works
splunk product badge

Latest Version 4.0.0
April 11, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
Rating

0

(0)

Log in to rate this app
Support
SA-Investigator for Enterprise Security support icon
Not Supported
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included. NOTE: If you modify any of the five investigators (views), any modifications will be written to the local directory. Upgrades will NOT overwrite the local directory so if you are upgrading, the local views will need to be deleted. To ensure you do not lost any customizations, please backup your local directory views prior to upgrading and then apply your modifications after upgrade.

Categories

Created By

Splunk Works

Contributors

Lily Lee, Simon O'Brien, Jay Merry

Type

addon

Downloads

18,650

Featured in Collection

Getting Started with Security

Resources

Login to report this app listing