...unctionality into my Enterprise search or Splunk Enterprise Security (ES) apps.
I imagine that the steps are:
1) Make pantag available to ES
*either install Palo Alto app for Splunk or add p...
While I wait for our new license, I thought I'd ask here...
I have a workflow action to look up an IP via a search string and open into a new window. When looking at a result in Splunk Enterprise Security...
...ncident Review page within Splunk Enterprise Security (ES) it defaults back to ES and does not open it in a new search. Does anyone know why this won't allow me to open in a new search?
Hello
I am trying to figure out how I can do this:
I have a saved search that runs on server A and I want to automate secure copy (scp) those results to server B. How can I accomplish this? A...
On page 12 of 122 on the documentation of "Splunk Security Analyst Workflows 7.1.0" it says, and I quote:
"If you added notable events to investigations, or generated short IDs for notable events t...
...ctions under actions for notable events in incident review page as well.
I don't want my workflow actions to be visible under Incident Review on Enterprise Security. Is there any way to disable t...
Is it possible to automate assignment of notable events to groups?
For example, if a new notable event is triggered, is there a way to automatically assign it to a created group like to the L1 team?
We are running Enterprise Security and I'm trying to schedule and automate the population of assets.csv that ES uses as an Identity Management lookup file. I figured I could use DB Connect to c...