Splunk Enterprise Security

Adding to 'Additional Fields' In Incident Review

adam_dixon95
Explorer

Hi,

I'm trying to see if there's a way to add additional/custom fields in Incident Review.

Is there much room for customisation? All I've seen thus far is adding event attributes via Incident Review settings.

Sorry this is rather vague - just looking to find ways to customize these settings on the basis of different notable events.

Thanks,

Adam.

0 Karma

lakshman239
Influencer

What sort of customization are you looking to do per notable? Have you looked at http://www.georgestarcher.com/splunk-enterprise-security-enhancing-incident-review/ to suggest linking a ticketId to adaptive response?

0 Karma