Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk 'Enterprise Security Suite' - Identity Management's Priority calculation

jawaharas
Motivator
‎04-02-2019 07:42 PM

Configuration:
We have configured a lookup table under 'ESS Identity management' to maintain the list of users. The user list is updated daily using a scheduled search. And the 'priority' of the user is calculated either as 'high' or 'medium' based on certain factors.

Problem:
But, the priority of a few users is modified as 'critical'. I am trying to understand feature/search which modifies the priority value.

Any help is a welcome one. Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lakshman239
Influencer
‎04-04-2019 05:08 AM

I don't think the users priority in the identity tables gets changed by any other process. Can you pls double check if your scheduled search is updating it? (perhaps)
I assume you are not talking about -https://docs.splunk.com/Documentation/ES/5.2.2/User/Howurgencyisassigned

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

lakshman239
Influencer
‎04-04-2019 05:08 AM

I don't think the users priority in the identity tables gets changed by any other process. Can you pls double check if your scheduled search is updating it? (perhaps)
I assume you are not talking about -https://docs.splunk.com/Documentation/ES/5.2.2/User/Howurgencyisassigned

0 Karma
Reply
Solved! Jump to solution

jawaharas
Motivator
‎04-06-2019 06:18 PM

You are right. I have overlooked the scheduled search that updates the identity lookup table. My bad.

The priority indeed calculated and updated by the scheduled search. Thanks.

0 Karma
Reply
Solved! Jump to solution

lakshman239
Influencer
‎04-07-2019 10:30 PM

If you are happy with the answer, pls accept the same to close the thread.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...