I have Power-user access only.
I have a Splunk query and I enabled an alert as a NotableEvent. And I also received the notableevents in ES --> Incident Review.
But I am not getting the S...
Hello everyone. I am trying to deploy ESS, but I am having some trouble with the notableevents. I can not see results at the Incident Review dashboard and this is because the notableevent index is e...
Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtrail events. I created one correlation search and added trigger action as notable o...
...lerts as notableevents in Splunk ES. Facts: 1. I have created a Splunk Correlation search in Content Management "Suricata Medium Severity Alert" which has a custom search: index=suricata s...
I am trying to assign custom tags to notableevents so that they can be triaged by certain analysts, i.e., tier 1. I have a cron scheduled search created and it is set to create notableevents; t...
...he old low severity notableevents changed to High automatically. (This search is on a data model, so it does not have any eval urgency in the search.) How to avoid changing old notableevent severity...
Hi All,
I've just got Enterprise Security configured and I'm now trying to reduce the amount of false alarms created. I'm seeing a lot of low/medium urgency network notableevents that I would c...
...0m events per day I'm sure it's not true that there hasn't been at least 1 notableevent.
Where do I check to see why these events are not being generated?
I have created a workflow action to send a NotableEvent to ServiceNow to create an incident. I am unable to figure out how to resolve nested tokens. For example, if the rule title for the c...