SA-Investigator for Enterprise Security | Splunkbase
SA-Investigator for Enterprise Security

SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on asset, identity, or file/process values. Tabs for individual data models such as malware, network traffic, and certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.

NOTE: If you modify any of the five investigators (views), the modifications will be written to the local directory. Upgrades will NOT overwrite the local directory, so if you are upgrading, the local views will need to be deleted. To ensure you do not lose any customizations, please back up your local directory views prior to upgrading and then apply your modifications after the upgrade.

Built by Splunk Works

Latest Version 3.0.0
June 22, 2022
Compatibility
Platform Version: 9.0, 8.2, 8.1, 8.0, 7.3, 7.2
Rating

5

(13)

Support
Not Supported

Categories

Created By

Splunk Works

Contributors

John Stoner

Type

addon

Downloads

11839

Featured in Collection

Getting Started with Security
