Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk ES Notable Event Alert Notifications - Alternatives to Email

adnankhan5133
Communicator
‎08-14-2020 08:45 PM

Currently, in our environment, any notable event that triggers would result in an automatic email sent to a distribution list. Our Management Team is interested in knowing if Splunk has any alternative ways of notifying individuals of notable events rather than email notifications. They raised a concern that if our email domain is hijacked or subjected to a DDoS attack, would there be another destination for Splunk to send alerts to?

I was thinking that, if the email server were hijacked, we would just kill our SMTP connection. That may be the fastest way of dealing with such an issue.

However, I'm open to hearing if Splunk does have the ability to send alerts to any destination other than email.

0 Karma
Reply

starcher
Influencer
‎08-15-2020 01:55 PM

You can look at Phantom which is a commercial product by Splunk. Other ideas are services such as; if your organization uses Slack. Some apps in Splunkbase (and there a couple for slack) provide modular alerts to send to those services. They may or may not work as an ES Correlation Search action. Some developers miss a few configuration settings that are required for the ES UI to see it. Then also consider the service. If you are sending your organization security information to it. You want good solid corporate feature controls on the access to that information.

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-14-2020 11:05 PM

You can create your own alert actions to configure SMS alerts if you have SMS gateway.

anything is possible in Splunk.

————————————
If this helps, give a like below.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...