Splunk Enterprise Security

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

New Member

Is it possible to automate assignment of notable events to groups?

For example, if a new notable event is triggered, is there a way to automatically assign it to a created group like to the L1 team?

0 Karma

Communicator

What do you mean by group? A specific role? You could always create a custom notable event status called "Assigned to L1 Team" that is the default status for the notable events. You can't assign a notable event to a role though as far as I am aware so this would be the best work around I can think of.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!