Good afternoon.
This is related to Enterprise Security 3.1.1 build 219910.
Is it possible to allow a non-admin user to create notable events manually? Currently we are getting a 403 error w...
We have just upgraded Splunk Enterprise 6.4.1 / Splunk Enterprise Security 4.1.1 to Splunk Enterprise 6.5.2 with Splunk Enterprise Security 4.5.2.
When I try to create an Ad-Hoc Notable Event I...
Hi
I'm using the below search and wish to create a notable event from the search. (filtered to not show company info)
sourcetype=DhcpSrvLog description=assign dest!=prefix1* prefix2* dest_ip!=x.x...
Is it possible to create notable events in Splunk Cloud or is it only native to Enterprise Security? The detection rule below is creating actions=risk, notable and assigning some parameters in...
...ost up-to-date events for the SOC. Administrators can now customize and control the frequency of the auto refresh.
Security analysts can currently prioritize notable events within Splunk Enterprise...
One of my Splunk Enterprise Security customers complained that sometimes the notable events are not created even when the corresponding raw data is there.
So I checked the scheduler log and f...
...ine 1, in render_body
<%# Copyright (C) 2009-2012 Splunk Inc. All Rights Reserved.
File "C:Program FilesSplunketcappsSA-ThreatIntelligencebinshortcutsinit.py", line 162, in getOwners
u...
We have multiple lines of text in our detailed Splunk ES notable event descriptions. In order to make the text readable by our operations team, we want to manually force a newline when appropriate....
...dex has been created there
I have correlation searches active with 2 actions: notable and json alerting.
- JSON alerting is OK
- notable : not OK
If I manually create a notable event on E...