Investigate behaviors using the InfoSec app for Splunk

Access the User Investigation and Host Investigation dashboards by drilling down from one of the other dashboards within the InfoSec app for Splunk. Alternatively, navigate to the dashboards directly and search using the provided filters. Select any data point shown in these two dashboards to drill down to that user or host, or to display the results of the underlying Splunk search.

Use the following dashboards in the InfoSec app to investigate user- and host-based behaviors and actions:

Investigate user behavior

Use the User Investigation dashboard to investigate user activity using the following information:

  • User information
  • User access by source
  • Access over time by action
  • Access by source
  • Authentication map that shows up to 250 authentication destinations
  • The 100 most recent events

Investigate host behavior

Use the Host Investigation dashboard to investigate host activity using the following information:

  • Network communications
  • Network communications map
  • Authentications and changes
  • Malware and intrusion