The Splunk Dashboard

Each data steward will be provided their own dashboard.

Navigating the Dashboard

Dashboard tab on Splunk.

1. Once logged in, click on the Dashboards tab at the top of the window.

Dashboards - all events.

2. From the list of dashboards, click on your dashboard. UBIT provides data stewards with the name of their dashboard.

The All Events in [RESTRICTED TestFolder] panel contains every access event that has occurred in the restricted data folder since it was created. TestFolder is the name of the folder being monitored in this example.

Dashboard - sensitive event.

3. The table shows a number of data items. More items that can be added to the table are listed to the left, but the items pre-configured in the table are the most relevant. The same items appear in all the panels on the dashboard:

  • _time:  Date and timestamp of the event.
  • ip_address:  IP address of the client involved in the event.
  • event_type:  The kind of event that happened.
  • additional_details_service_name:  If an app was used, the name of the app would be here.  A blank item indicates the web interface was used.
  • source_item_name:  The name of the folder or file involved in the event.
  • source_item_type:  Indicates file or folder.
  • source_parent_name:  The parent folder of the item that was acted upon.
  • created_by_login:  The email of the user that performed the event.
  • created_by_name:  The name of the user that performed the event.  (Note that in Box, users can change their name to be anything they like.)
  • accessible_by_login (not in above image, scroll to the right):  The email address of a user who has been given access to the folder (collaboration invitation).
  • accessible_by_name (not in above image, scroll to the right):  The name of a user who has been given access to the folder (collaboration invitation).
  • additional_details_role (not in above image, scroll to the right):  The role granted to a user who has been given access to the folder (collaboration invitation).

There are three other panels on the dashboard. Each panel contains a subset of the events in the "All Events" panel. The events listed in these panels all generate alert emails to the data stewards (or designees). These events in particular should be reviewed to ensure the security of the data. The other three panels are:

  • Collaboration invitations and acceptances
  • Downloads
  • Improperly named folders
    • All sensitive data folders must have a particular naming format in order for monitoring to work properly.  Alerts are generated when improperly named folders are created.
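The following is an added example, not UBIT's or Splunk's own code: it sorts rows exported as CSV from the All Events panel into the three alert categories above, using the column names listed earlier. The event_type values are Box enterprise event names assumed to appear unchanged in the dashboard, and the `[RESTRICTED] ` prefix is a hypothetical stand-in for the required naming format, which this page does not give.

```python
import csv
import io

# Assumptions (not from the page): Box enterprise event names appear unchanged
# in event_type, and "[RESTRICTED] " is a hypothetical stand-in for the naming format.
COLLAB_EVENTS = {"COLLABORATION_INVITE", "COLLABORATION_ACCEPT"}
REQUIRED_PREFIX = "[RESTRICTED] "
# Constructed sample export using the dashboard's column names.
SAMPLE_CSV = """\
_time,ip_address,event_type,additional_details_service_name,source_item_name,source_item_type,source_parent_name,created_by_login,created_by_name,accessible_by_login,accessible_by_name,additional_details_role
2024-01-10T09:00:00,192.0.2.10,COLLABORATION_INVITE,,[RESTRICTED] TestFolder,folder,All Files,steward@example.edu,Data Steward,guest@example.org,Guest User,Editor
2024-01-10T09:05:00,198.51.100.7,DOWNLOAD,Example Sync App,grades.xlsx,file,[RESTRICTED] TestFolder,student@example.edu,Some Student,,,
2024-01-10T09:10:00,192.0.2.10,ITEM_CREATE,,RESTRICTED-NewFolder,folder,All Files,steward@example.edu,Data Steward,,,
2024-01-10T09:12:00,192.0.2.10,PREVIEW,,grades.xlsx,file,[RESTRICTED] TestFolder,steward@example.edu,Data Steward,,,
"""

def classify(row):
    """Return the alert panel a row belongs to, or None for routine events."""
    event = row["event_type"].strip().upper()
    if event in COLLAB_EVENTS:
        return "collaboration"
    if event == "DOWNLOAD":
        return "download"
    is_new_folder = event == "ITEM_CREATE" and row["source_item_type"].lower() == "folder"
    if is_new_folder and not row["source_item_name"].startswith(REQUIRED_PREFIX):
        return "improper_folder_name"
    return None

def summarize(row):
    """One review line, keyed on login because Box display names are user-editable."""
    client = row["additional_details_service_name"] or "web interface"
    line = (f'{row["_time"]} {row["created_by_login"]} {row["event_type"]} '
            f'{row["source_item_name"]!r} from {row["ip_address"]} via {client}')
    if row["accessible_by_login"]:  # set for collaboration invitations
        line += f' -> {row["accessible_by_login"]} as {row["additional_details_role"]}'
    return line

def triage(csv_text):
    """Group alert-worthy rows under the three alert panels."""
    panels = {"collaboration": [], "download": [], "improper_folder_name": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        panel = classify(row)
        if panel:
            panels[panel].append(summarize(row))
    return panels

if __name__ == "__main__":
    for panel, lines in triage(SAMPLE_CSV).items():
        print(panel, *lines, sep="\n  ")
```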