Splunk Enterprise Security

Is it not possible to use an ampersand character in Notable Event Next Steps?

sidoyle_
Explorer

When writing plain text in the Next Steps field of a notable event such as Mitre ATT&CK it is then shown, when the notable is created, as Mitre ATT&CK which is clearly incorrect. Is it possible to escape the & character is some way ?

 

This also happens when using action:url too - [[action|url:Mitre ATT&CK ]]  is shown as Mitre ATT&CK 

Any help would be appreciated.

Labels (1)
0 Karma

marnall
Motivator

One way around this is to use a small (﹠) or fullwidth (&) ampersand.

0 Karma

sombhtr239
Explorer

Hi,

 

What do you mean by small (&)......by lowering the fonts?

0 Karma

marnall
Motivator

Not by lowering the fonts, but by using special unicode characters that look like ampersands but are not treated as ampersands. Try copying and pasting the ampersand-like characters from my post.

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...