Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it expected : Workflow action visible under action for notable events on incident review on enterprise security

ekta_dravid
New Member
‎09-08-2017 02:12 AM
  1. I had a add-on created with prefix TA-XYZ(having Adaptive response action) and one app say "ABC", which has workflow action defined.
  2. When I merged TA-XYZ code to ABC I am now seeing the workflow actions under actions for notable events in incident review page as well.
  3. I don't want my workflow actions to be visible under incident review on enterprise security. Is there any way to disable them on incident review ?

Note - While merging I renamed ABC to TA-ABC as i was not able to see Adaptive response action created in the merged code and after renaming ABC to TA-ABC I was able to see my adaptive response action.

0 Karma
Reply

woodcock
Esteemed Legend
‎09-09-2017 01:04 PM

This is kludgey but you can add a hidden field like _indextime to your workflow_action (you don't need to actually use it; just require it to be present) and then make sure that your incidents do not have this field (actually I am pretty sure that they will not).

0 Karma
Reply

ekta_dravid
New Member
‎09-10-2017 10:45 PM

One more point to add I updated the permission form Global" to "App only". But still the actions are visible under Enterprise Security.

0 Karma
Reply

woodcock
Esteemed Legend
‎09-11-2017 05:29 PM

Try _bumping.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...