Workflow actions in the Splunk Security Add-on for SAP solutions
The Splunk Security Add-on for SAP® solutions ships with two configured workflow actions that help you navigate and further investigate results in both the Splunk Security Add-on for SAP solutions and the SAP Enterprise Threat Detection app.
Workflow actions are turned on by default. To edit a workflow action, follow these steps:
- Navigate to Settings > Fields > Workflow actions.
- On the Workflow actions page, review and update existing workflow actions by selecting their names.
The workflow actions for an alert appear in menus associated with events and fields in your search results:
- Selecting Alert Details: <Alert ID> under the Event Actions menu or Actions menus for fields within an alert takes you to your SAP Enterprise Threat Detection app dashboard with the specific alert details.
- Selecting Show Triggering Events under the Event Actions menu or Actions menus for fields within an alert returns all triggering events that contributed to the specific alert being generated.
The triggering events search might not return any results if Triggering Events are turned off under data inputs.
You can configure and access the workflow actions from the Incident Review dashboard within Splunk Enterprise Security. See Overview of Incident Review in Splunk Enterprise Security in the Use Splunk Enterprise Security manual.
This documentation applies to the following versions of Splunk® Security Add-on for SAP® solutions: 1.0.0