Splunk® Add-on for Splunk Attack Analyzer

User Guide

View Attack Analyzer job information in Splunk Enterprise Security

Once you have configured the Submit URL to Attack Analyzer adaptive response action, from Incident Review in Splunk Enterprise Security you can run the adaptive response action on a notable and then view Splunk Attack Analyzer job information in History on the notable. See (Optional) Configure the adaptive response action.

  1. From Splunk Enterprise Security, navigate to Incident Review.
  2. Select the notable you want to run the Submit URL to Attack Analyzer adaptive response action on.
  3. Run the adaptive response action.
    1. Select Actions then Run Adaptive Response Action.
    2. In the Connection field, select your API key.
    3. In the URL field, enter the token to get the URL from the detected events and automatically submit it to Splunk Attack Analyzer. For more information, see Use tokens in email notifications in the Splunk Enterprise Alerting Manual.
  4. Select Run.

Once you run the adaptive response action, you are able to view information about the job from Splunk Attack Analyzer in History on the notable. You can also copy and paste the URL in the Full Job Information section in your browser to open the job in Splunk Attack Analyzer.

Job information from Splunk Attack Analyzer might already be available on the notable without having to run the adaptive response action, depending on how you have set up your correlation search.

Last modified on 26 January, 2024
Configure the Splunk Add-on for Splunk Attack Analyzer   Search Splunk Attack Analyzer data in the Splunk platform

This documentation applies to the following versions of Splunk® Add-on for Splunk Attack Analyzer: 1.1.0, 1.1.1, 1.2.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters