Splunk Enterprise Security update multiple notables at the same time using REST API


Hi all!

I have been trying to automate a task lately.

I'm able to edit one notable event using the API just fine, but I want to edit multiple notables at the same time. It will be a tedious job to manually go through each notable event and take the "event_id" one by one!

Is there a way to make this happen?

I don't know, something like selecting the notable events I want to edit from the Enterprise Security incident review page and copying their "event_ip" to a clipboard or something like this?

Thanks in advance.
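One way to approach this, as an added example that is not part of the original post: the Enterprise Security `notable_update` REST endpoint accepts the `ruleUIDs` field more than once, so a list of `event_id` values (for instance exported from a search over the notables) can be changed in a single request. The management URL, the bearer token, the batch size of 100 and the sample IDs are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample event_id values (not real notables); one is a duplicate.
SAMPLE_EVENT_IDS = [
    "00000000-0000-0000-0000-000000000001@@notable@@aaaa1111",
    "00000000-0000-0000-0000-000000000001@@notable@@bbbb2222",
    "00000000-0000-0000-0000-000000000001@@notable@@aaaa1111",
]


def batches(items, size):
    """Split a list into consecutive chunks of at most `size` items."""
    return [items[i:i + size] for i in range(0, len(items), size)]


def build_fields(event_ids, status=None, urgency=None, new_owner=None, comment=None):
    """Form fields for one notable_update call that covers many notables."""
    # De-duplicate while keeping order, and drop blank entries.
    ids = list(dict.fromkeys(e.strip() for e in event_ids if e.strip()))
    changes = {"status": status, "urgency": urgency,
               "newOwner": new_owner, "comment": comment}
    changes = {k: str(v) for k, v in changes.items() if v is not None}
    if not ids or not changes:
        raise ValueError("need at least one event_id and one field to change")
    # ruleUIDs is repeated once per notable event in the same POST body.
    return [("ruleUIDs", i) for i in ids] + list(changes.items())


def update_notables(base_url, token, event_ids, batch_size=100, **changes):
    """POST each batch to notable_update and return the parsed JSON replies."""
    url = base_url.rstrip("/") + "/services/notable_update"
    replies = []
    for batch in batches(list(event_ids), batch_size):
        body = urllib.parse.urlencode(build_fields(batch, **changes)).encode()
        req = urllib.request.Request(
            url, data=body, method="POST",
            headers={"Authorization": "Bearer " + token})
        # TLS verification stays on; trust the Splunk CA rather than disabling it.
        with urllib.request.urlopen(req, timeout=30) as resp:
            replies.append(json.load(resp))
    return replies
```

Calling `update_notables("https://splunk.example:8089", token, ids, status=2, comment="bulk triage")` sends one request per batch; the hostname here is a placeholder.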
