Correct, I'm in Incident Review. I then go to actions and then to the workflow I have created. The workflow is set to open in a new window.
I have made a workflow action item that looks up details on an IP address when there is a threat hit. This works when it is run from the Search and Reporting app, but when I try to run it from the Incident Review page within Splunk Enterprise Security (ES) it defaults back to ES and does not open it in a new search. Does anyone know why this won't allow me to open in a new search?
Is there a way to force a notable event in Splunk Enterprise Security to be critical? We have certain notables that are created that are only registered as a high and we want to force them to be critical. Is there a way to accomplish this?
Thanks,