Splunk Enterprise Security

How whitelist editor is working in threathinting app ?


I am wondering how whitelist lookups concept is working in threathinting app?
is it something we need to push the data in everytime manually or is there any automatic way to popup the required fields ?

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!