Splunk Enterprise Security

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

rahul130191
New Member

Is it possible to automate assignment of notable events to groups?

For example, if a new notable event is triggered, is there a way to automatically assign it to a created group like to the L1 team?

0 Karma

ryandg
Communicator

What do you mean by group? A specific role? You could always create a custom notable event status called "Assigned to L1 Team" that is the default status for the notable events. You can't assign a notable event to a role though as far as I am aware so this would be the best work around I can think of.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...