...earches and views..." state.
The same is true for the Incident Review Page. (see below)
I already checked the configuration health. The local overrides and the local overrides and removed s...
Hi,
I have an issue at a customer where ES is not showing the notables on the incident management page or the security posture page. I have confirmed that the custom correlation searches are e...
...internal" sourcetype=*content_management* But I am not getting any useful data with this query. Please kindly help me where all logs stored for content management (use cases) in Enterprise Security...
I am seeing a number of events for abnormally high number of HTTP POST requests in our Enterprise Security Incident Review, many of which are allowed communication between our systems. What would b...
In the Splunk Incident Review dashboard, when the customer is clicking on the submit button, they can see the event count at the top. But instead of events in the result, Splunk is showing "Search d...
Hi
Is it possible to clone/duplicate Incident Review in the Splunk Enterprise Security app? I would like to create 2 Incident Review dashboards and segregate the notable events based on the c...
In the Incident Review panel, we select a Notable Event, click on Edit Selected and a form pops up.
I chose the first dropdown, selected "ACKIN" and clicked on Save and was returned:
Unable to c...
We have a lot of indicators in our Splunk Incident Review queue, and I am having a challenging time with Splunk Enterprise Security Suppression, and it's driving me nuts. It's been about a year and I...
My fields are not showing in additional field under Incident Review in Splunk. I want to take results obtained from the query into additional fields, Incident Review additional field.
I have c...