According to the Splunk Enterprise Security documentation, the way to make the Threat Activity dashboard the default landing page in ES is to use the Edit Navigation page and click the ‘Set this as the default view’ checkmark for Threat Activity. The Edit Navigation page allows you to customize the menu bar of ES and add links to custom dashboards, reports, or other views. You can also set the default view for each app context, which determines the landing page when you open the app. To set the Threat Activity dashboard as the default view, you need to do the following steps:
On the Enterprise Security menu bar, select Configure > General > Navigation.
In the Edit Navigation page, select the Enterprise Security app context from the drop-down menu.
In the Navigation XML section, find the line that contains the view name ‘threat_activity’.
Add the attribute default=“true” to the line and remove the same attribute from any other line in the same app context.
Click Save Changes to apply the changes to the Edit Navigation page.
This will make the Threat Activity dashboard the default landing page when you open the Enterprise Security app. See Customize the navigation bar for more details.
The other options are not the correct ways to make the Threat Activity dashboard the default landing page in ES. Dragging and dropping the Threat Activity view to the top of the page will not change the default view, but only the order of the menu items. Selecting Enterprise Security as the default application will not change the default view within the app, but only the app that opens when you log in to Splunk. Editing the Threat Activity view settings will not change the default view, but only the title, description, permissions, and schedule of the dashboard. Therefore, the correct answer is C. From the Edit Navigation page, click the 'Set this as the default view" checkmark for Threat Activity. References = Customize the navigation bar.
