Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to reduce notable events that correlation search has generating?

balu1211
Path Finder
‎01-05-2023 10:48 AM

Hi,

I have created an advance threat protection incidents  Correlation Search which is   generating notable events how I can make it to reduce the notables which it is generating.

Thanks 

Labels (1)
Labels
0 Karma
Reply

lblystone
Splunk Employee
Splunk Employee
‎01-06-2023 09:35 AM

If you are getting duplicate alerts for the same ATP incidents, look into throttling the results based on the same field values.

Check out this page for more information. https://docs.splunk.com/Documentation/ES/7.0.2/Tutorials/ScheduleCorrelationSearch#:~:text=Set%20up%...

Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...
Top