Splunk Enterprise Security

How to create separate incident review dashboards for different teams?

Nraj87
Loves-to-Learn Everything

Dear All,

Please suggest how to create separate incident review dashboards for different teams,
or how the notables can be separated based on teams.

i.e. Windows Team - Windows Team can only check Windows-related notables

Unix Team - Linux Team can only check Unix-related notables

SOC Team - SOC Team can check all the notables

0 Karma

Gr0und_Z3r0
Contributor

Like @meetmshah mentioned, create a new tag or field in the notable that defines which team will work on it. Once in place, create a filter in the incident review dashboard with that team tag or field, and let the respective teams select and work on those filtered incidents.

0 Karma

meetmshah
Contributor

There's no OOTB feature; rather, you can add tag/flag values in the search results itself, and individual team members can just filter based on the flag.

Let me know if you have any questions / thoughts.

0 Karma
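
A sketch of the tagging approach both replies describe, as an added example that is not from the thread or from Splunk: appended to the end of a correlation search, it sets a hypothetical `team` field on each result so the value is carried into the notable event. The field name, its values and the sourcetype patterns are assumptions to adapt to your own data.

```spl
| eval team=case(
    match(sourcetype, "(?i)^(XmlWinEventLog|WinEventLog)"), "windows",
    match(sourcetype, "(?i)^(linux_secure|linux_audit|syslog)"), "unix",
    true(), "unrouted")
```

Each team then enters `team="windows"` or `team="unix"` in the Incident Review search filter, while the SOC leaves it empty and also picks up `unrouted`. This narrows the view only; it does not restrict which notables a role is able to search.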