https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541427#M9738 <P>Are you referring to these notes?<BR /><A href="https://docs.splunk.com/Documentation/ES/6.4.1/User/Addtoaninvestigation#Add_a_note_to_an_investigation" target="_blank">https://docs.splunk.com/Documentation/ES/6.4.1/User/Addtoaninvestigation#Add_a_note_to_an_investigation</A><BR /><BR />I don't think there's a way to search for content within the notes, but only to search for the name/title of the notes. That sounds like a good idea though. Perhaps submit it to&nbsp;<A href="https://ideas.splunk.com/" target="_blank">https://ideas.splunk.com/</A>&nbsp;</P><P>&nbsp;</P> Thu, 25 Feb 2021 21:55:27 GMT lkutch_splunk 2021-02-25T21:55:27Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/538837#M9684 <P>Is there a way to search all ES Investigations for a specific artifact or IOC that may be documented in the notes?</P> Fri, 05 Feb 2021 21:48:52 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/538837#M9684 ch1221 2021-02-05T21:48:52Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541427#M9738 <P>Are you referring to these notes?<BR /><A href="https://docs.splunk.com/Documentation/ES/6.4.1/User/Addtoaninvestigation#Add_a_note_to_an_investigation" target="_blank">https://docs.splunk.com/Documentation/ES/6.4.1/User/Addtoaninvestigation#Add_a_note_to_an_investigation</A><BR /><BR />I don't think there's a way to search for content within the notes, but only to search for the name/title of the notes. That sounds like a good idea though. Perhaps submit it to&nbsp;<A href="https://ideas.splunk.com/" target="_blank">https://ideas.splunk.com/</A>&nbsp;</P><P>&nbsp;</P> Thu, 25 Feb 2021 21:55:27 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541427#M9738 lkutch_splunk 2021-02-25T21:55:27Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541518#M9741 <P>Yes, those notes or any threat detection in a notable associated to an investigation would be useful.</P> Fri, 26 Feb 2021 14:34:41 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541518#M9741 ch1221 2021-02-26T14:34:41Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541522#M9742 <P>Added as an Idea.</P> Fri, 26 Feb 2021 14:38:26 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Way-to-search-ES-Investigations-for-artifact-or-IOC/m-p/541522#M9742 ch1221 2021-02-26T14:38:26Z