Hi Guys,
I would ask how to add a link on the next steps form.
on the correlation search I read:
"Add a link to an action with the syntax: [[action|nameOfAction]]."
but is not clear.
Regards
Ale
I've been searching for the same answer, as Splunk ES is is limiting in the regards. Most our other tools are found elswhere - to expedite the review or mitigation, it would be very helpful to add a link in the next steps to say go to the EDR, the Proofpoint Server, O365 etc... vs. the SOC analyst needing to fumble through his/her bookmarks etc.. If this doesn't exist, I sure how it's on the roadmap.
The available response actions are the ones in the dropdown list for "insert adaptive response action." For example if you want the next step to be ping a host, you can use text and the link to the action in that format mentioned:
Ping a host to determine if it is active on the network. If the host is active, increase the risk score by 100, otherwise, increase the risk score by 50. [[action|ping]]
Let me know if that helps.
Thanks for your reply, yes but my question is:
Can I add for example a clickable confluence link on the "next steps" form? or in the notable event in general?
Thanks
Ale
Curious if you were able to put a clickable liink in the "Next Steps" area.
I don't think it would be a clickable link. It would probably be a copy/paste link.