Edit Action Dropdown on a notable event

Denorsmith · ‎08-21-2021

I am trying to add a dashboard to the action dropdown when you are in incident review under specific notables. How do I do this? I cannot seem to find ANY document on how to do it and would appreciate a link to it or an explanation of how...

ro_mc · ‎09-21-2021

BePe is correct. In the main menu bar, click Settings -> Fields -> Workflow actions -> search on keyword "Investigator". You can also search from "All Configurations" if desired.

You will see a number of workflow actions from the DA-ESS-IdentityManagement app, such as identity_investigator_user. Click this link to see the options required to link to the desired dashboard.

Use this as a template to create a New Workflow action in the app of your choosing, ensuring that the workflow action is shared globally to be accessible from within Enterprise Security.

Label: <your choice>
Apply only to the following fields: <your choice>
Apply only to the following event types: <your choice>

Show action in: Fields menus
Action type: link
URI: /app/$@namespace$/dashboard_name?form.target_field=$@field_value$
Open link in: New window
Link method: get

This will create the appropriate stanza entries in the workflow_actions.conf for the container app.

BePe · ‎09-20-2021

Check the "workflow_actions.conf" files in the different apps and SAs for samples.

Edit Action Dropdown on a notable event

configuration

incident review

notable event

using Enterprise Security

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...