Splunk app views
Sending advanced analytics data from Guardium® Insights to Splunk helps users quickly identify data risks and share actionable insights across security teams to reduce the likelihood of data breaches.
The app provides the following views:
- Data Risks
  The Data Risks tab displays the following features that filter the data based on Asset Type and Time Range.
  - Top risk events - Contains severity numbers that can be clicked to take you to the individual risk page for that severity.
  - Risk events over time - Tracks the number of all risks that have occurred over time.
  - Recent risks - Tracks the number of new risks that have occurred.
  - Total risk events - Tracks the count of risk events that have occurred.
  - Risk Count by Category - Tracks the count of risk events that have occurred based on the category they belong to.
  Note: If you are on the Data Risks page, click any of the bar charts or hypertext links; a Risk Event Detail page will appear in blue with the most recent risks. You can then import the latest 48 observations to Splunk per risk_events. To see more observations, click the View in Guardium Insights button on the Risk event details page. Authentication is required in the pop-up page.
- Search
  Use the Search tab to view detailed information about the Top risk events, Risk data, and Reports data in JSON format. The Search tab lets you look further into risk and report data to identify security breaches.
Restriction: Versions 1.0 and 2.0 of the Guardium Insights for Splunk app do not support Splunk deployments on Windows operating systems.