Does Splunk Enterprise provide any API to retrieve or modify Incidents via REST API? Example: Get Incident information, Change Incident Status, Change Incident Severity, Change In...
I want to create a default search filter for ALL users that go into ES Incident Review. You can create a new filter but this I believe gets saved in your profile... I go into /splunk/e...
...S/latest/Admin/Customizenotables This basically says you can add additional fields, but this will apply to all Notables in Incident Review.
My question is if other notables that have d...
I am looking for a solid understanding of the fields in the DNS packet logs. I have included information from what I have already learned in the hopes that it helps others and that it helps with dis...
Hi all,
I tried to customize the Incident Review Dashboard to display some additional fields such as user, src or dest, as described in the Enterprise Security Admin course.
At first I found that t...
...ime a part of these machines aren't used anymore. I bet we are not the only ones to face this, so I was wondering how you manage the review and update of these? I first had the idea to use the [f...
Can I add a comment field as a table attribute in the Incident Review page? For that, what would the field name be so I can map it to my custom label? Where can I find the field name for owner & status a...
Hello, we just updated ES from 6.4 to 6.6. The new incident review dashboard completely ignores suppressed events, showing them in the list. Is this a known issue or something caused by the u...