Splunk Enterprise Security

How can I achieve a field validation in a Custom Adaptive Response Action?

nicolociraci
New Member

Hello,

I'm unable to get field validation in a Custom Adaptive Response Action in Splunk Enterprise Security. What I would like to achieve is a field validation that obliges the user to fill the field (required field) but I can't get even the simplest validation working. When I click on the run button in the adaptive actions modal view on the incident, I get no validation but a message saying "action has been dispatched".

Furthermore which field should I put in alert_actions.conf.spec and savedsearched.conf.spec? The documentation I have read is quite vague.

Thanks!

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...