https://community.splunk.com/t5/Splunk-Search/Refining-Threat-Activity-Search/m-p/343078#M159723 <P>Hi, Im heading down the same path, maybe trying to reduce the number of notables by not raising one for anything under X number of bytes.<BR /> Did you get anywhere with your method? I'd be very interested.<BR /> Thanks</P> Mon, 12 Mar 2018 00:58:16 GMT markhill1 2018-03-12T00:58:16Z https://community.splunk.com/t5/Splunk-Search/Refining-Threat-Activity-Search/m-p/343077#M159722 <P>So I am trying to refine my Threat Activity Detected Search to only show "Allowed" connections rather than any blocked messages. Has anyone tried this before because in the Threat Intelligence Framework its not showing anything regarding action. </P> Mon, 31 Jul 2017 12:15:57 GMT https://community.splunk.com/t5/Splunk-Search/Refining-Threat-Activity-Search/m-p/343077#M159722 mtaylor78 2017-07-31T12:15:57Z https://community.splunk.com/t5/Splunk-Search/Refining-Threat-Activity-Search/m-p/343078#M159723 <P>Hi, Im heading down the same path, maybe trying to reduce the number of notables by not raising one for anything under X number of bytes.<BR /> Did you get anywhere with your method? I'd be very interested.<BR /> Thanks</P> Mon, 12 Mar 2018 00:58:16 GMT https://community.splunk.com/t5/Splunk-Search/Refining-Threat-Activity-Search/m-p/343078#M159723 markhill1 2018-03-12T00:58:16Z