Splunk® Security Add-on for SAP® solutions

User Guide

Workflow actions in the Splunk Security Add-on for SAP solutions

The Splunk Security Add-on for SAP® solutions ships with two configured workflow actions that help you navigate and further investigate results in both the Splunk Security Add-on for SAP solutions and the SAP Enterprise Threat Detection app.

Workflow actions are turned on by default. To edit a workflow action, follow these steps:

  1. Navigate to Settings > Fields > Workflow actions.
  2. On the Workflow actions page, review and update existing workflow actions by selecting their names.
  3. The workflow actions for an alert appear in menus associated with events and fields in your search results.
    • Selecting Alert Details: <Alert ID> under the Event Actions menu or Actions menus for fields within an alert takes you to your SAP Enterprise Threat Detection app dashboard with the specific alert details.
    • Selecting Show Triggering Events under the Event Actions menu or Actions menus for fields within an alert returns all triggering events that contributed to the specific alert being generated.

The triggering events search might not return any results if Triggering Events are turned off under data inputs.

You can configure and access the workflow actions from the Incident Review dashboard within Splunk Enterprise Security. See Overview of Incident Review in Splunk Enterprise Security in the Use Splunk Enterprise Security manual.

Last modified on 25 April, 2023

This documentation applies to the following versions of Splunk® Security Add-on for SAP® solutions: 1.0.0

