Solved: Need a help with workflow action or notable event ...

satyaallaparthi · ‎08-15-2019

Hello,

We created a notable event for DLP which creating

Contributing Events:
DLP Drilldown for 652837

when ever I click on DLP drill down for incident.. that is taking to splunk search and search for the who dlp web link in splunk search where I am not getting anything..

how can I create a notable event to link that with the google search instead of splunk search..
https://dlp/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=incident.id&value(operator_1)...

and I created a workflow action but no luck. I am attaching my both workflow actions and notable event screen shot.. Please do help me with that.

Any help would be great.

Thanks

solarboyz1 · ‎08-15-2019

The drill-down field of a notable is expecting splunk search syntax, you can't reference a workflow.

Since your workflow has been created, you should see it available as a drop-down on the actions menu for the event on the incident review page.

Additionally, if you drill-in to the notable, the workflow should be available in action menu for the incident_id field.

As far as I know, you cannot specify and external link or workflow as a drill-down.

View solution in original post

solarboyz1 · ‎08-15-2019

The drill-down field of a notable is expecting splunk search syntax, you can't reference a workflow.

Since your workflow has been created, you should see it available as a drop-down on the actions menu for the event on the incident review page.

Additionally, if you drill-in to the notable, the workflow should be available in action menu for the incident_id field.

As far as I know, you cannot specify and external link or workflow as a drill-down.

Need a help with workflow action or notable event contribution Events

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector