![]() To customize settings for notable events, see Customize notable event settings in Splunk Enterprise Security.To manually create notable events, see Manually create a notable event in Splunk Enterprise Security.To customize the display of the Incident Review dashboard, and also modify analyst capabilities and permissions, see Customize Incident Review in Splunk Enterprise Security.To audit and review analyst activity on the Incident Review dashboard, see Incident Review Audit in Use Splunk Enterprise Security.For information about how analysts use the Incident Review dashboard, see Incident Review overview in Use Splunk Enterprise Security.The Incident Review dashboard surfaces all notable events, and categorizes them by potential severity so analysts can quickly triage, assign, and track issues. When a correlation search detects a suspicious pattern, the correlation search creates an alert called a notable event. Describe threat lists and threat list administration tools.Module 12 – Threat Intelligence Framework ![]() Describe the interaction of lookups with correlation searches and other ES functions.Module 11 – Lookups and Identity Management Module 10 – Creating Correlation Searches Create an add-on for a custom sourcetype. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |