Hello, Splunkers! I am learning Splunk ES and trying to understand how urgency value is assigned for notables generated from the correlation searches. I went over this article: How urgency i...
Hi
I'm trying to create an Identity Lookup for Splunk Enterprise Security. I have users from Groups and OUs which have to be critical. I'm using the below search; the OU case is working but not the gro...
One of our alerts, CSIRT - Threat_Activity_Detection, came in on 8/31 but did not auto assign the Incident Type that I created (csirt - threat_activity_detection) and therefore the R...
Hello, I manage Splunk hybrid (cloud SH, on-premise DS, HF etc). I have a task to create custom roles and R-B-A-C. I have a few questions and I would be thankful if you could help me clarify them: 1...
...andom function to randomly assign a task to random employees. So, if there are 10 tasks and 5 employees, each employee would randomly get 2 tasks, OR say you have 2 tasks and 5 employees, 2 of these 5...
Is it possible to run a playbook on demand, meaning a manual trigger by an analyst such as clicking a playbook during a workbook step? I have a use case where I want to run a playbook, but only from ...
Phantom 4.9 supports Markdown notes and it is possible to add markdown note using GUI. But how to use markdown with the add_task API function? Like phantom.add_task(container=None, name=None, ...
I have an application file imported to be used as a lookup table in order to set the priority on servers within Assets and Identity but the file uses risk tiers instead of priorities. To get around t...
How to extract and assign the timestamp from the below multiline event. Timestamp exists in the 4th line from last.
Test Log Management
Y12354.ABC
Y12354.ABCýY12354.AMýY12354.PM
LIVE
A...
...ield but along with Priorities to assign to. I am using data from SQL to create a saved search that outputs into a lookup. My issue is that the data that is in the lookup has TEXT field with w...