Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security - How to use the Incident Review event page

Tightech
New Member
‎07-25-2018 09:09 AM

I have an incident which reads - "Activity from Expired User Identity" CRITICAL
Please can someone work me through how to investigate and resolve this incident.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎07-25-2018 09:59 AM

Have you already followed the instructions in Investigate a notable event on Incident Review in Splunk Enterprise Security and Take action on a notable event on Incident Review in Splunk Enterprise Security in the Use Splunk Enterprise Security manual?

0 Karma
Reply

Tightech
New Member
‎07-26-2018 05:56 AM

Thanks ChrisG for the response, I'll review these docs.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top