Currently, in our environment, any notable event that triggers would result in an automatic email sent to a distribution list. Our Management Team is interested in knowing if Splunk has any alternative ways of notifying individuals of notable events rather than email notifications. They raised a concern that if our email domain is hijacked or subjected to a DDoS attack, would there be another destination for Splunk to send alerts to?
I was thinking that, if the email server were hijacked, we would just kill our SMTP connection. That may be the fastest way of dealing with such an issue.
However, I'm open to hearing if Splunk does have the ability to send alerts to any destination other than email.
You can look at Phantom which is a commercial product by Splunk. Other ideas are services such as; if your organization uses Slack. Some apps in Splunkbase (and there a couple for slack) provide modular alerts to send to those services. They may or may not work as an ES Correlation Search action. Some developers miss a few configuration settings that are required for the ES UI to see it. Then also consider the service. If you are sending your organization security information to it. You want good solid corporate feature controls on the access to that information.