This release is focused almost exclusively on a much-requested new feature, the addition of dashboard panels!
The Data Source Check dashboard has been expanded with some new functionality. You've probably used this dashboard before to see what content you have the data needed to support -- one of the Splunk Security Essentials crowd favorites! Now, once you've completed that scan (which, by the way, we now store so you don't have to run through it every time), you can click "Create Posture Dashboards" to pop-up the menu with up to 50 out-of-the-box dashboard panels.
Just like everything in Splunk Security Essentials, the dashboards are aware of whether you have the required data sources or not, and they'll take advantage of all of the performance possible, using accelerated tstats queries if you have accelerated data models, or falling back to raw event searches if not. And of course, if you just want to explore the options, you can use just the demo data.
Once you click "Create Dashboards", SSE will create 1-3 new dashboards and automatically add them to the SSE navigation. These dashboards are optimized SimpleXML, so you're welcome to crib searches, rearrange panels, or add new searches as easily as you manipulate any other dashboards.
This is a new feature designed primarily for those getting started (who might prefer a list of the users with the top failed logins, over an email alert), but there are useful dashboard panels for all levels of user. Have feedback? Post on Splunk Answers, or tweet at @davidveuve.
This release is focused almost exclusively on a much-requested new feature, the addition of dashboard panels!
The Data Source Check dashboard has been expanded with some new functionality. You've probably used this dashboard before to see what content you have the data needed to support -- one of the Splunk Security Essentials crowd favorites! Now, once you've completed that scan (which, by the way, we now store so you don't have to run through it every time), you can click "Create Posture Dashboards" to pop-up the menu with up to 50 out-of-the-box dashboard panels.
Just like everything in Splunk Security Essentials, the dashboards are aware of whether you have the required data sources or not, and they'll take advantage of all of the performance possible, using accelerated tstats queries if you have accelerated data models, or falling back to raw event searches if not. And of course, if you just want to explore the options, you can use just the demo data.
Once you click "Create Dashboards", SSE will create 1-3 new dashboards and automatically add them to the SSE navigation. These dashboards are optimized SimpleXML, so you're welcome to crib searches, rearrange panels, or add new searches as easily as you manipulate any other dashboards.
This is a new feature designed primarily for those getting started (who might prefer a list of the users with the top failed logins, over an email alert), but there are useful dashboard panels for all levels of user. Have feedback? Post on Splunk Answers, or tweet at @davidveuve.