Configure log review settings
Log review settings govern how the status of notable events is edited. Go to Configure > Log Review Settings to configure whether analysts can override the calculated urgency and whether a comment is required when a status change is made.
- Allow Overriding of Urgency: This is on by default and allows analysts to override the calculated urgency of a notable event. If it is disabled, the calculated urgency cannot be changed.
- Comment Required: If this is enabled, the length of the required comment can be specified.
Click Save when configuration is complete.
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1