Splunk Enterprise Security

Additional field is not populating in ES inscident review page for the AWS cloudtail correlation search.

vin02ptl
Explorer

I have created correlation search to get the alert for the aws cloudtrail activity in enterprise security. Alert is triggering but not populating any Additional field in the incident review page.
What are the ahnges needs to do to get the additional fields in the incident review page for aws cloudtrail alert.

0 Karma
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...