Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you tag a user with watchlist in Splunk Enterprise Security?

rbacker527
Engager
‎10-20-2017 01:37 PM

If I have a notable event is there a way within incident review to tag the user with watchlist?

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎10-20-2017 02:11 PM

Under the Example methods of adding asset and identity data in Splunk Enterprise Security you could refer to perform the steps under Manually add new asset or identity data, or you could update your identity lookup to set the required flag...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...