Currently on Splunk ES 7.3.2 Splunk Enterprise Security where i can see users, who used to be part of the organisation, but are now deleted/disabled (in Splunk) are still populating when i try to assign new investigations to other current members of the organisation For instance, Incident Review -> Notable -> Create Investigation In the investigation panel, when i try to assign the investigation to other members of the team, i can also see disabled/deleted accounts/users/members as an option to assign the investigation to. Any way we can remove these members from populating so that the list of investigators replicate the current numbers we have in the team.
... View more