| | How do I get my Incident Review in ES to auto refresh, without having to manually auto refresh it from the browser. 1 8 | 1 | 8 | |
| | Hello Team We have a UBA 3-nodes architecture. Unfortunately, SAML authentication is required. We added the SAML xml ... 0 1 | 0 | 1 | |
| | Hi Guys, I would ask how to add a link on the next steps form. on the correlation search I read: "Add a link to an ... 0 5 | 0 | 5 | |
| | Hello, How do I obtain an NFR license (or the like)? We have integrations with Splunk but no way to test/evaluate th... 0 2 | 0 | 2 | |
| | Hi Everyone,We`ve created a new TA to get data in from an API - this was done on the HF and the data is being sent to... 0 1 | 0 | 1 | |
| | Why I can't I see data on Splunk ES Non-corporate Web Uploads? When I click on the user, I get mariangelie.rodriguez... 0 1 | 0 | 1 | |
| | Hi Folks, lately MC started behaving little wired, after performing investigation whenever SOC analyst trying to redu... 0 3 | 0 | 3 | |
| | Hi peeps, We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fields... 0 3 | 0 | 3 | |
| | Hi All,The data checkpoint file for windows logs is taking up a lot of disk space (over 100 GB).Where can I check the... 1 0 | 1 | 0 | |
| | I was wondering if anyone knew where I could find it either in the logs or even better the audit REST endpoint if an ... 0 0 | 0 | 0 | |
| | Hi, I am looking send an email to user with simple yes/no response which I can then use to handle the case. I know Pa... 0 2 | 0 | 2 | |
| | We wonder what the identity, Asset, File and URL Extraction fields are in the Notable set-up of the correlation searc... 0 3 | 0 | 3 | |
| | Our current SOAR servers, fresh install on AWS EC2s, 500's each night. Upon investigation, it looks like there's this... 0 4 | 0 | 4 | |
| | As the title suggests, I got some SSL certs from my teams, but because the default SSL port is 8443, it's not recogni... 0 0 | 0 | 0 | |
| | Hi all,In my AD computer account deletion correlation search, I use _time and subjectusername in throttling fields fo... 0 3 | 0 | 3 | |
| | hello all!is there a default time that events (containers/cases) are stored in the SOAR server to approach to?and if ... 0 5 | 0 | 5 | |
| | Hi all,I need to clarify the correlation searches within SOAR. Is there any way to identify them? 0 5 | 0 | 5 | |
| | Hi,I would like to know about the triggered notable events from CS without accessing the incident review dashboard, a... 0 1 | 0 | 1 | |
| | I need to calculate the average number of events in the last hour and compare it with the number of events in the las... 0 1 | 0 | 1 | |
| | Having issues with fetching investigations in incident review.Investigation is added for the alert but when accessing... 0 0 | 0 | 0 | |
| | Hello,We have PROD and DEV instance that are both running Mission Control with the following versions below:PROD - ES... 0 2 | 0 | 2 | |
| | Hey folks, does anyone know of a straightforward way to get a count of the number of times each playbook is used as a... 1 2 | 1 | 2 | |
| | I am looking for a query to list out CrowdStrike Agent versions installed. What is the latest version, are the client... 0 1 | 0 | 1 | |
| | I'm looking to close out (or delete) all notable events that were created prior to a specific date time. The way the... 0 1 | 0 | 1 | |
| | What health check items would you configure for Ent. Security app. for general purpose of for Security watch purposes... 0 2 | 0 | 2 | |
