...arty APIs (such as VirusTotal or Palo Alto WildFire) and references the hosts in an EDR tool (CrowdStrike or Carbon Black), collecting relevant information and sending that information back to the notable...
I'm working on creating new notable events in Enterprise Security. In the notable event alert action, I'm trying to add field values to the title so that it's easier for analysts to differentiate a...
I would like to figure out a way to update an existing notable event via a REST API. I would specifically like to know how to update the 'Severity' or urgency field. The notable events are being c...
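One way to do what this post asks for, as an added example that is not part of the thread or of Splunk's own code: build the form body for the Enterprise Security `notable_update` REST endpoint and send it with a Splunk authentication token. It assumes the `/services/notable_update` endpoint and its `ruleUIDs`, `urgency`, `status`, `newOwner` and `comment` form fields as documented for ES; the host, token and event IDs are placeholders.

```python
"""Build and (optionally) send a notable_update request to Splunk ES.

Added example, not from the forum thread. Assumes the ES REST endpoint
/services/notable_update with form fields ruleUIDs, urgency, status,
comment and newOwner; the host, token and event IDs are placeholders.
"""
import json
import ssl
import urllib.request
from urllib.parse import urlencode

ES_BASE = "https://es.example.internal:8089"   # placeholder management-port URL
NOTABLE_UPDATE = "/services/notable_update"

# Urgency values ES accepts for a notable event.
VALID_URGENCY = {"informational", "low", "medium", "high", "critical"}


def build_notable_update(event_ids, urgency=None, status=None,
                         new_owner=None, comment=None):
    """Return (path, form-encoded body) for a notable_update POST.

    event_ids are the notables' event_id values (one ruleUIDs field each).
    Only the fields given are sent, so an unchanged status or owner stays as is.
    """
    if not event_ids:
        raise ValueError("at least one notable event_id is required")
    if urgency is not None and urgency not in VALID_URGENCY:
        raise ValueError(
            f"invalid urgency {urgency!r}; expected one of {sorted(VALID_URGENCY)}")
    params = [("ruleUIDs", eid) for eid in event_ids]
    if urgency is not None:
        params.append(("urgency", urgency))
    if status is not None:
        params.append(("status", str(status)))
    if new_owner is not None:
        params.append(("newOwner", new_owner))
    if comment is not None:
        params.append(("comment", comment))
    return NOTABLE_UPDATE, urlencode(params)


def send_notable_update(token, event_ids, cafile=None, **changes):
    """POST the update with a Splunk token and return the parsed JSON reply.

    TLS verification stays on; pass cafile for a self-signed management
    certificate instead of disabling verification.
    """
    path, body = build_notable_update(event_ids, **changes)
    req = urllib.request.Request(
        ES_BASE + path,
        data=body.encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder event_id; raise the urgency and leave a comment explaining why.
    path, body = build_notable_update(
        ["ABCD-1234@@notable@@0123456789abcdef"],
        urgency="high",
        comment="Raised after EDR confirmed execution on the host")
    print(path, body)
```

Use a token scoped to a role that holds the ES notable-editing capability rather than an admin credential, and keep the change in a comment so the audit trail explains why the urgency moved.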
Hello,
I am trying to send notable events to a third-party API. Can I use a webhook to POST notable event details to a third-party API?
Also, please let me know if anyone has configured a webhook as E...
I'd like each notable event that is raised in ES to have a unique "ticket number" style reference, automatically incrementing as events are raised, along the same kind of lines as ticket reference n...
...ome other notable may only have 5 displayed. Is there a way to do a search that indicates which fields would be displayed in the 'additional fields' of the notable? For reference, the additional fields i...
Hello, I need to frame the search query for <drilldown_search> for the following type: "drilldown_search": "| from datamodel:\"Authentication\".\"Authentication\" | search src=$src|s$" C...
I have a problem where an admin role user cannot see another analyst user to assign specific notable events to. However, I do not have any problems when I, as another admin user, try to assign the a...
I want to send a customized email from a Splunk ES adaptive response action. How do I add a custom template for the email message? Second, can I make the To and Subject dynamic for each notable? p...
...lock to create a comment on the notable events
6 - API block calling the "update event" action to update the ES notable event using the following:
event_ids = artifact:*.cef.notableEventId...