Splunk Enterprise Security

How to restrict notable status usage to user?

gra_nomios
Observer

Hello,

I need to authorize some users to create correlation searches that trigger notables. But these notables must not be set with specific status.

I haven't found the way do to that. I only see restriction on status transition.

Any ideas ?

Thanks in advance.

Labels (2)
0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...