Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add link in ES Notable events "next steps" form?

aasabatini
Motivator
‎07-07-2021 08:27 AM

Hi Guys,

 

I would ask how to add a link on the next steps form.

on the correlation search I read:

"Add a link to an action with the syntax: [[action|nameOfAction]]."

but is not clear.

Regards

Ale

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Labels (1)
Labels
0 Karma
Reply

rpfutrell
Explorer
‎12-24-2024 07:02 AM

It's nice to see that you can now post a URL in ES - thank you!

0 Karma
Reply

rpfutrell
Explorer
‎02-14-2024 11:28 AM

I've been searching for the same answer, as Splunk ES is is limiting in the regards.  Most our other tools are found elswhere - to expedite the review or mitigation, it would be very helpful to add a link in the next steps to say go to the EDR, the Proofpoint Server, O365 etc... vs. the SOC analyst needing to fumble through his/her bookmarks etc..   If this doesn't exist, I sure how it's on the roadmap. 

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎07-08-2021 09:10 AM

The available response actions are the ones in the dropdown list for "insert adaptive response action." For example if you want the next step to be ping a host, you can use text and the link to the action in that format mentioned: 


Ping a host to determine if it is active on the network. If the host is active, increase the risk score by 100, otherwise, increase the risk score by 50.  [[action|ping]]

https://docs.splunk.com/Documentation/ES/6.6.0/Tutorials/ResponseActionsCorrelationSearch#Part_5:_Ch...

 

Let me know if that helps. 

Reply

aasabatini
Motivator
‎07-09-2021 01:14 AM

Hi @lkutch_splunk 

Thanks for your reply, yes but my question is:

Can I add for example a clickable confluence link on the "next steps" form? or in the notable event in general?

Thanks

Ale

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
Reply

jvsplunker
Loves-to-Learn Everything
‎06-27-2022 09:56 AM

Curious if you were able to put a clickable liink in the "Next Steps" area.

0 Karma
Reply

lkutch_splunk
Splunk Employee
Splunk Employee
‎07-09-2021 10:13 AM

I don't think it would be a clickable link. It would probably be a copy/paste link.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...