Is there a "simple" way to whitelist an IP address that is showing up in the "Top Notable Event Soucres", within Splunk Enterprise Security?
You can generate fewer notable events from that source IP address (i.e. tune the correlation searches that are triggering with that src) as Martin suggests or you can modify the report that is used to populate that panel (Report Name: Notable - Top Notable Event Sources).
| `es_notable_events`
| search timeDiff_type=current src!=unknown src!="<whitelisted address>"
| stats sparkline(sum(count),30m) as sparkline,dc(rule_name) as correlation_search_count,dc(security_domain) as security_domain_count,sum(count) as count by src
| sort 100 - count,correlation_search_count
Generate fewer notable events for that IP 😛