...ndex has been created there
I have correlation searches active with 2 actions: notable and JSON alerting.
- JSON alerting is OK
- notable: not OK
If I manually create a notable event on E...
I am trying to manually create 500 new notable events that all have the same timestamp.
I have not been able to find a way to do this, even though I read the Splunk manual for manually creating notable...
I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "ManualNotableEvent - Rule". How can I name the notable to exactly what I want? P...
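One way to give a search-created notable an explicit title instead of relying on the default, added here as an illustration and not taken from any of the posts above. The `param.rule_title`, `param.rule_description`, `param.security_domain` and `param.severity` names are assumed to match the parameters of the ES notable alert action (the same ones a correlation search stores as `action.notable.param.*`); verify them against the action's configuration in your own ES version before relying on this:

```spl
| makeresults
| eval src_ip="10.0.0.5", user="alice"
| sendalert notable param.rule_title="Manual review: suspicious login from 10.0.0.5" param.rule_description="Created by hand for investigation of repeated logins by alice from 10.0.0.5" param.security_domain="access" param.severity="medium"
```

`makeresults` produces the single result the action runs against, and the `eval` only supplies example field values (constructed here) so the notable carries some context; if the action accepts these parameters, the title shown in Incident Review is taken from `param.rule_title` rather than the generic default.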
Good afternoon.
This is related to Enterprise Security 3.1.1 build 219910.
Is it possible to allow a non-admin user to create notable events manually? Currently we are getting a 403 error w...
...ossible to use a timestamp to change the notable creation date time? It is creating a notable every time I hit search with the above query.
Additionally, how do I move my description from below to t...
We have multiple lines of text in our detailed Splunk ES notable event descriptions. In order to make the text readable by our operations team, we want to manually force a newline when appropriate....
Hey! We upgraded Splunk Enterprise Security to the latest version a few weeks ago. Before, it was on version 4.x, I believe. It was detecting events before we upgraded, and after the upgrade, no m...
I created a manual correlation search with the below SPL --> the action is notable creation: `splunk_server=* index=* host=x.x.x.x "login" | stats count by src_ip | where count > 3` after t...
...nalysis Adaptive Response Action is the actual response action that gets triggered either instead of or in addition to a notable event response action when a risk rule matches. It adds risk scores a...