According to the Splunk Enterprise Security documentation, the bar across the bottom of any ES window is called the Investigation Bar. The Investigation Bar is a tool that helps you create and manage investigations in ES. An investigation is a collection of related notable events, comments, and artifacts that document a security incident or a threat hunting activity. You can use the Investigation Bar to do the following tasks:
Create a new investigation or open an existing one.
Add notable events, comments, and artifacts to an investigation.
Assign an owner and a status to an investigation.
Share an investigation with other users or roles.
Export an investigation as a PDF report.
The Investigation Bar also provides a link to the Investigation Workbench, which is a dashboard that shows a timeline and a summary of an investigation. Therefore, the correct answer is B. The Investigation Bar. References = Use the Investigation Bar.