Splunk® Enterprise Security

Use Cases

The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Sort notables by disposition

Ram now sorts the notables by disposition in the Incident Review page so that he can drill down on the risk notables that are tagged as True Positive - Suspicious Activity as shown in the following image. SortNotablesbyDisposition

  1. From the Enterprise Security menu, Ram selects the Incident Review page that provides a list of notable events for the security domains.
  2. Ram clicks Disposition in the table to sort the notables tagged as True Positive - Suspicious Activity.

The table of notable events in the Incident Review page also lists the risk events associated with the notable.

Now Ram can focus on investigating risk notables that are grouped together as True Positive - Suspicious Activity.

Last modified on 24 March, 2022
Add dispositions to risk notables   Investigate risk notables that represent a threat

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters