Entity analysis dashboard

The Entity analysis dashboard is a centralized security operations interface in Splunk Enterprise Security that consolidates asset investigation, activity monitoring, and anomaly detection into a single workflow. Security analysts can move between investigations of individual assets and users, network-wide activity monitoring, and analysis of detection patterns.

The dashboard draws on aggregated data from different sources, including log files, network devices, cloud services, workstations, servers, and databases, to build a continuously updated view of every asset and user on your network. From this shared data foundation, the dashboard surfaces both targeted investigative detail and broad activity signals, allowing analysts to correlate findings across investigation types.

The dashboard provides the following core capabilities:

  • Investigate individual assets and users using multi-tab views of health, activity, risk, and network associations
  • Visualize asset relationships and attack surface exposure through an interactive graph explorer
  • Examine subnet context for undetected or partially characterized IP addresses
  • Monitor network-wide detection activity by date, type, and geographic location
  • Reconstruct the detection history of any host across configurable time spans
  • Attribute IP addresses and raw events to specific assets and users at a point in time
  • Surface anomalous behavioral patterns, including dormant asset reactivation, short-lived assets, and credential anomalies