Use and configure System Insights

Views

There are three pre-configured views for your data. Select a pre-configured view from the View list. For each of these views, you can specify search terms, a time range, and your Splunk SOAR Host. The phantom_system_insights index contains the relevant information, however you can change the index if desired.

Settings and actions

SOAR Host: In the SOAR Host list, specify a connected SOAR hosts for your data sources or select All to use data from all connected SOAR hosts.

Export: Print or export the data in the dashboard to a PDF.

Clone: Make a copy of the current dashboard, then edit it.

Edit and configure System Insights

System Insights dashboards are fully customizable. Select Edit to customize your dashboard to suit your needs.

For complete details on creating dashboards and reports in the Splunk platform see Create Dashboards and Reports in the Splunk platform documentation.

Configure and set defaults for search criteria for the top of your dashboard. Delete choices you don't want to display. Choices include:

• ​Action Status​ ​

• Index​ ​

• Playbook Status​ ​

• Search​ ​

• SOAR Host ​

• Time Range​ ​

• View​

• show_playbook_hint​

Configure or delete available panels in the body of the dashboard. Choices include:

• Actions

• Action run history

• Actions by status

• Actions failed

• Actions in-progress or pending

• Top actions ran

• Top failed actions

Assets/Ingestion

• Asset status

• Ingestion stats

• Ingestion summary

• Scheduled ingestion

• Top assets with the highest ingestion error rate

Playbooks

• All failures

• Playbook pending to running latency trend

• Playbook run history

• Playbook runs by status

• Playbook runs pending

• Playbooks failed

• Playbooks in-progress or pending

• Top failed playbooks

• Top playbooks ran