Splunk app views

Sending advanced analytics data from Guardium® Insights to Splunk helps users quickly identify data risks and share actionable insights across security teams to reduce the likelihood of data breaches.

The app provides the following views:
Data Risks
The Data Risks tab displays the following features, with the data filtered by Asset Type and Time Range.
  • Top risk events - Contains severity numbers that can be clicked to take you to the individual risk page for that severity.
  • Risk events over time - Tracks the number of all risks that have occurred over time.
  • Recent risks - Tracks the number of new risks that have occurred.
  • Total risk events - Tracks the count of risk events that have occurred.
  • Risk Count by Category - Tracks the count of risk events that have occurred based on the category they belong to.
Note: On the Data Risks page, click any of the bar charts or hypertext links to open a Risk Event Detail page, which appears in blue and shows the most recent risks. You can then import the latest 48 observations to Splunk per risk_events. To see more observations, click the View in Guardium Insights button on the Risk event details page. Authentication is required in the pop-up page.
Search
Use the Search tab to view detailed information about the Top risk events, Risk data, and Reports data in JSON format. The Search tab lets you look further into risk and report data to identify security breaches.
Restriction: Versions 1.0 and 2.0 of the Guardium Insights for Splunk app do not support Splunk deployments on Windows operating systems.