Splunk Enterprise Security

Adding an ID number to ES investigations

bcyates
Communicator

Is there a way to automagically add a unique ID number to each investigation that is opened?

0 Karma

pschulz_splunk
Splunk Employee
Splunk Employee

Each investigation has an id which can be found in the URL while on the investigation page:
ess_investigation?id=5c390c8abbd7066a1b17a941

0 Karma

lakshman239
Influencer

don't think there is any way to add a unique number. However, there is an 'event_id' field autogenerated which is unique and ties up back to Incident Review.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...