Latest Version 4.0.0
April 11, 2024
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
SA-Investigator for Enterprise Security
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
Rating
0
(0)
Log in to rate this app
Support
Not Supported
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.
NOTE: If you modify any of the five investigators (views), any modifications will be written to the local directory. Upgrades will NOT overwrite the local directory so if you are upgrading, the local views will need to be deleted. To ensure you do not lost any customizations, please backup your local directory views prior to upgrading and then apply your modifications after upgrade.
Categories
Created By
Splunk Works
Contributors
Lily Lee, Simon O'Brien, Jay Merry
Type
addon
Downloads
19,208
Featured in Collection
Getting Started with Security
Licensing
Splunk Answers
Resources
Log in to report this app listing