Splunk Enterprise Security
Highlighted

Splunk Enterprise Security - How to use the Incident Review event page

New Member

I have an incident which reads - "Activity from Expired User Identity" CRITICAL
Please can someone work me through how to investigate and resolve this incident.

0 Karma
Highlighted

Re: Splunk Enterprise Security - How to use the Incident Review event page

Splunk Employee
Splunk Employee
0 Karma
Highlighted

Re: Splunk Enterprise Security - How to use the Incident Review event page

New Member

Thanks ChrisG for the response, I'll review these docs.

0 Karma