...mail, the email is not being sent, because the server specified in general mailserver setting is not taken by EnterpriseSecurityNotableEvents. Do I need to configure some extra settings for Splunk...
...hort to medium term.
What I would like to do is have the risk scores for a notableevent logged in incident review as one of the columns.
Is this possible?
We're running SplunkEnterpriseSecurity...
Hi Splunkers! I am using SplunkEnterpriseSecurity, and creating correlation searches, one of them I have created and tested manually by running the search over a specific period of time, many events...
Can I create a security operations workflows using the ES app? For example, if I want a ticket to be opened in the ticketing system etc. how do i do that in ES app.