Splunk Enterprise Security


Explorer

I created a few correlation searches notable events in Enterprise Security, and in Incident Review - Table Attributes I added src_user, src_ip, src_dest. I am not able to see results there. Can someone help me in fixing this?

0 Karma

SplunkTrust

You need to make sure your correlation search is producing the required results. The results should have values in the fields src_user, src_ip, etc. If so, you can see the actual values for the notable in the Incident Review page.

0 Karma
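One way to run the check described in the answer outside Splunk, as an added example that is not part of the original thread: it reads a CSV export of the correlation search results and reports which Incident Review table attributes those results can populate. The sample rows and the function name `check_table_attributes` are constructed for illustration.

```python
import csv
import difflib
import io

# Constructed sample: CSV export of a hypothetical correlation search's results.
# The src_ip column exists but carries no values; there is no src_dest column.
SAMPLE_RESULTS_CSV = """src_user,src_ip,dest,count
alice,,srv-01,14
bob,,srv-02,11
"""

# Fields added under Incident Review - Table Attributes (taken from the question).
TABLE_ATTRIBUTES = ["src_user", "src_ip", "src_dest"]


def check_table_attributes(results_csv, attributes):
    """Report, per attribute, whether the search results can populate that column."""
    reader = csv.DictReader(io.StringIO(results_csv))
    rows = list(reader)
    columns = reader.fieldnames or []
    report = {}
    for field in attributes:
        if field not in columns:
            # The search never outputs this field; list similarly named columns.
            near = difflib.get_close_matches(field, columns)
            report[field] = {"status": "missing", "populated": 0, "similar": near}
            continue
        # Count rows where the field holds a non-blank value.
        populated = sum(1 for row in rows if (row[field] or "").strip())
        if rows and populated == len(rows):
            status = "ok"
        elif populated == 0:
            status = "empty"
        else:
            status = "partial"
        report[field] = {"status": status, "populated": populated, "similar": []}
    return report


if __name__ == "__main__":
    result = check_table_attributes(SAMPLE_RESULTS_CSV, TABLE_ATTRIBUTES)
    for field, info in result.items():
        print(f"{field:10} {info['status']:8} rows={info['populated']} similar={info['similar']}")
```

A field reported as `missing` or `empty` will show no value in the Incident Review table until the search itself outputs it.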