Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

rahul130191
New Member
‎04-04-2016 09:01 PM

Is it possible to automate assignment of notable events to groups?

For example, if a new notable event is triggered, is there a way to automatically assign it to a created group like to the L1 team?

0 Karma
Reply

ryandg
Communicator
‎04-14-2016 06:54 AM

What do you mean by group? A specific role? You could always create a custom notable event status called "Assigned to L1 Team" that is the default status for the notable events. You can't assign a notable event to a role though as far as I am aware so this would be the best work around I can think of.

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top