Hi, in my company they recently migrated to Splunk (Enterprise Security) from QRadar, so the installation part is done, rule creation is done,
and Vulnerability center, asset data feed, user data feed, t...
Hi,
I am wondering if it is possible to have my adaptive response actions append fields to the notable which triggered them. I am in a situation where my adaptive response action returns a link, a...
...or more information, see Setup an Adaptive Response relay in the Administer Splunk Enterprise Security Manual. https://docs.splunk.com/Documentation/SplunkCloud/8.1.2101/Service/SplunkCloudservice&n...
..., though visible in Splunk Enterprise Security.
However, when I tried to set up the app to be able to configure adaptive response, it does not accept the console token (which by the way is the s...
Hey all,
Looking for any better documentation/steps on integrating Splunk Stream app with Enterprise Security.
Running Stream v. 7.1.1
Running Enterprise Security v. 4.7
OS/Environment: A...
Hi.
It seems like the alert_actions defined in splunk_ta_snow misses param._cam params, so they don't show up as adaptive responses in Enterprise Security.
How do I get them to do that?
K...
...nalysis Adaptive Response Action is the actual response action that gets triggered either instead of or in addition to a notable event response action when a risk rule matches. It adds risk scores a...
We made a clean installation of on-prem Splunk Enterprise 8.0.9 and Enterprise Security 6.4.0. When a correlation search returns results, we would like to append these results to an email via adaptive...