View Attack Analyzer job information in Splunk Enterprise Security
Once you have configured the Submit URL to Attack Analyzer adaptive response action, from Incident Review in Splunk Enterprise Security you can run the adaptive response action on a notable and then view Splunk Attack Analyzer job information in History on the notable. See (Optional) Configure the adaptive response action.
- From Splunk Enterprise Security, navigate to Incident Review.
- Select the notable you want to run the Submit URL to Attack Analyzer adaptive response action on.
- Run the adaptive response action.
- Select Actions then Run Adaptive Response Action.
- In the Connection field, select your API key.
- In the URL field, enter the token to get the URL from the detected events and automatically submit it to Splunk Attack Analyzer. For more information, see Use tokens in email notifications in the Splunk Enterprise Alerting Manual.
- Select Run.
Once you run the adaptive response action, you are able to view information about the job from Splunk Attack Analyzer in History on the notable. You can also copy and paste the URL in the Full Job Information section in your browser to open the job in Splunk Attack Analyzer.
Job information from Splunk Attack Analyzer might already be available on the notable without having to run the adaptive response action, depending on how you have set up your correlation search.
| Configure the Splunk Add-on for Splunk Attack Analyzer | Search Splunk Attack Analyzer data in the Splunk platform |
This documentation applies to the following versions of Splunk® Add-on for Splunk Attack Analyzer: 1.1.0, 1.1.1, 1.2.0
Download manual
Feedback submitted, thanks!