Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Enterprise Security: It is possible to customize the Incident Review default search?

hcannon
Path Finder
‎10-07-2016 07:18 AM

Enterprise Security automatically loads the Incident Review search to look for Status "All", Owner "All", Security Domain "All", Last 24 hours.

Anyone know a way to change the page to, by default, load only new incidents? Or change the time parameter? I feel like this should be something you can change easily in the app configuration, but I haven't run across anything to edit this pages default incident search.

0 Karma
Reply
1 Solution
Get Updates on the Splunk Community!

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

TECH TALKS3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?Join this Tech Talk to learn ...

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products   Security Edition   Have you ...

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience Tune in to What’s New in Splunk Enterprise ...
Top