Alerting

Configure a script as alert action for each result ip and send email

orca
Explorer

1. I have an alert scheduled to run every hour to get updated list of IPs of public nodes.

2. I need to run the script against each result IP and if output=success, I need to send email to specific DL to identify potential hacking activity from the IP.

possible? Can we measure the output of script execution and send email in same Alert action OR I should create the script to test the result and send email also from the script?

Any pointers or am i missing something?

Labels (1)
0 Karma
1 Solution

manjunathmeti
Champion

You can convert that script to a custom search command and use the inbuilt email alert action to send emails.

https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/createcustomsearchcmd/

If this reply helps you, an upvote/like would be appreciated.

View solution in original post

manjunathmeti
Champion

You can convert that script to a custom search command and use the inbuilt email alert action to send emails.

https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/createcustomsearchcmd/

If this reply helps you, an upvote/like would be appreciated.

Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...