Hi, there are some security saved searches and key indicators in ES. If I activate these searches and they trigger, in which dashboard in ES can I see the result? For example, if the search "Malware - total infection count" triggers, in which dashboard in ES can I see the result?
# ES
# enterprise security
Thanks. As you said, the key indicator searches are designed to display metrics, so exactly where and how can I see these metrics?
Thank you very much for your answer 🌹
If you're using Splunk ES version 8.x, navigate to the Splunk ES App, then go to Mission Control, where you'll find the "Analyst Queue." This serves the same function as "Incident Review."
Thank you for the reply, it’s very useful.
I can explain my question further: I have some “Key Indicator Search” entries like “Access - Total Access Attempts”, “Malware - Total Infection Count”, “Risk - Median Risk Score By Other”. You said if they trigger I can see their related notable event in “Incident Review”. It’s OK, but my main question is: do these searches have any effect on any value in some dashboard in ES? For example, maybe they change the value of the “aggregated user risk” in “ES -> Security Intelligence -> Risk Analysis -> aggregated user risk”.
Thank you very much for your reply 😊