I am seeing a number of events for abnormally high number of HTTP POST requests in our enterprise security incident review, many of which are allowed communication between our systems. What would b...
In the Splunk incident review dashboard, when the customer is clicking on the submit button, they can see the event count at the top. But instead of events in the result, Splunk is showing "Search d...
Hi
Is it possible to clone/duplicate Incident Review in the Splunk Enterprise Security app? I would like to create 2 Incident Review dashboards and segregate the notable events based on the c...
...earches and views..." state.
The same is true for the Incident Review Page. (see below)
I already checked the configuration health. The local overrides and the local overrides and removed s...
In the Incident Review panel, we select a Notable Event, click on Edit Selected and a form pops up.
I chose the first dropdown, selected "ACKIN" and clicked on Save and was returned:
Unable to c...
We have a lot of indicators in our Splunk Incident Review queue, and I am having a challenging time with Splunk Enterprise Security Suppression, and it's driving me nuts. It's been about a year and I...
My fields are not showing in additional field under incident review in Splunk. I want to take results obtained from the query into additional fields, incident review additional field.
I have c...
Hi,
We have a requirement to add some additional fields to events under "Incident Review" for IOCs (I have looked at some of the mappings in notables2.html), however, they don't give us quite e...