...nomalous events and threat activities and uses an aggregation of events impacting a single risk object, which can be an asset or identity, to generate risk notables in Splunk Enterprise Security. 4. W...
Hi All,
There are a few risk notable events getting generated in the Incident review page as part of correlation searches being run.
How can we exclude a few users (who are from the SOC team) from c...
Are there any future plans to make this app CIM compliant? We are using the Enterprise Security app which requires all logs to be CIM compliant in order to take full advantage of the ES app.