...mail, the email is not being sent, because the server specified in general mailserver setting is not taken by Enterprise Security Notable Events. Do I need to configure some extra settings for Splunk...
...hort to medium term.
What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.
Is this possible?
We're running Splunk Enterprise Security...
...his splunk dev article: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBE under the "Determine whether your action supports ad hoc invocation" it says any action that uses the SENDALERT action s...
Description: Hello, I am experiencing an issue with the "event_id" field when transferring notable events from Splunk Enterprise Security (ES) to Splunk SOAR. Details: When sending the event to...
Hi Splunkers! I am using Splunk Enterprise Security, and creating correlation searches, one of them I have created and tested manually by running the search over a specific period of time, many events...
Hi All, Hope you all are doing well. I am very new to Splunk Enterprise Security, and I need your help to understand how I can create a reverse integration with ServiceNow. So we are u...
Can I create security operations workflows using the ES app? For example, if I want a ticket to be opened in the ticketing system etc., how do I do that in the ES app?