Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

In Splunk Enterprise Security, how do I add a New field in an "Edit notable event" popup form?

mas
Path Finder
‎10-08-2018 04:19 AM

Hi,

One of my customers asked to add a field to the "Edit notable event" popup form in Splunk ES 5.1.1. To be more precise, customer wants an "Incident category" field, that must be populated by Security Analyst, picking up a choice from a restricted set of values (something very similar to "Status" field).

I know that I can add a "table attribute" using incident review customization page, but:
- incident category is not associated to a field in originating event (it is classified by Security Analyst);
- incident category values must be selected using a drop-down, from a restricted set of values.

Do you have any suggestions?

Thank you!

Reply

gworkun
Explorer
‎12-10-2018 05:44 PM

Would love to see if this ever gets added or is a way to add editable fields to notables.

0 Karma
Reply

alekwisnia
Explorer
‎07-22-2020 02:22 AM

+1 if anyone finds a solution. This is a must-have feature of SIEM - if anyone wants to report accordingly to NIST or ENISA standards of incident classification.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...