Splunk Enterprise Security

Splunk Enterprise Security: How to set up alerts when a notable event with urgency High & Critical arises in the Incident review?

kiran331
Builder

Hi

How to set up alerts when a notable event with urgency High & Critical arises in the Incident review with event details?

1 Solution

mwhittaker126
Engager

This is what i used. Hopefully this can help you out.

`notable` | where urgency="high" OR urgency="critical" | table _time source src dest user | eval computer=coalesce(src,dest)

View solution in original post

mwhittaker126
Engager

This is what i used. Hopefully this can help you out.

`notable` | where urgency="high" OR urgency="critical" | table _time source src dest user | eval computer=coalesce(src,dest)
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...