Auditing & Reporting • Room 3

Incident Review Tuning

The Incident Review dashboard is where analysts live. Engineers optimize this workspace by customizing table columns, adding drilldowns, and integrating workflow actions.

A Workflow Action allows an analyst to click on an IP in an alert and instantly query a 3rd party tool (like Shodan) without leaving Splunk.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Drag items to their correct zone (or tap item then tap zone on mobile)

Provides a clickable menu option on a field to perform an action

Defines the color coding of severities (Critical=Red)

Decides which columns (like `src`, `dest`) are visible by default

Automatically executes a ping via Adaptive Response

Workflow Action

UI Configuration

Table Settings

Response Settings