Hi Team, I am looking to send an email alert once the notable event is closed. I can send an email when the notable event is created, but I cannot seem to find a way to send an email when the notable...
I'm working on creating new notable events in Enterprise Security. In the notable event alert action, I'm trying to add field values to the title so that it's easier for analysts to differentiate a...
I am trying to add to my notable event in a correlation search the next steps the analyst needs to take. I am seeing some issues.
When I list the next step actions for the analyst to take, I am getting my next step action g...
I am trying to add a dashboard to the action dropdown when you are in incident review under specific notables. How do I do this? I cannot seem to find ANY document on how to do it and would a...
What are the actual $result.fieldname$ tokens that are available in ITSI Notable Events for the Send to Email action? I'm trying to access the notable event title, description, and whatever other f...
Hi,
I am grouping the Notable events on certain conditions and set the action rules for them.
In Alert Actions, we have a section "add a comment". I want this comment to be dynamic based on f...
From a Splunk custom App, I need to add the workflow action which should be displayed under the Actions menu for the notable event in the Incident Review view in the Splunk Enterprise Security. I h...
Hi all, I'm wondering if anyone has had success updating notable events using the Splunk SDK for Python (splunklib). I've seen a few examples of how to get it done with the splunk python package (f...
I was given admin rights at my job recently to work suppressions, and I have the ability to go to the notable event suppressions menu and do suppressions there, but when I go to incident review and a...