Update your user settings
By default, your user profile information is displayed when you access the user settings. For example, you can view which roles and permissions your user account has in the Role field. The following table lists the user profile options available for you to configure:
|View your user information, Enclave subscriptions, change your password, set your default enclave and timezone, and work with experimental features, including Dark Mode. For more information, see Editing Your Profile.
|Create or regenerate API credentials for use with partner integrations.
|View, activate or deactivate users, add users and export user information. For details, see Managing Users. This setting is only available to Administrative users.
|Configure the email inboxes for your private enclaves. For details, see Enclave Email Inbox.
|Set up when and how you will be notified when new data is added to your private Enclaves and manage the list of keywords to watch. For details, see Notifications and Alerting.
|Specify terms that will be removed from data imported to and exported from Splunk Intelligence Management enclaves. You can manually redact a single Intel Report or use the Redaction Library to automatically remove terms from reports. For details, see Redacting Data from Reports.
|View and edit the company safelist. For more details, see Managing the Company Allow List .
Edit your user profile
If the User Profile page is not already open, click on Profile to view your user profile settings. You can change the settings listed in the table:
|Lists your information, such as your role (administrator or user) and whether or not certain features are enabled (multi-factor authentication and single sign-on).
|View Enclave Subscriptions
|Shows which enclaves you can access in your investigations and what permission levels you hold (view only, read/write, etc.).
|How to update your password. Splunk Intelligence Management recommends changing your password on a regular basis.
|Select Default Enclave
|Selects a default enclave to display in the Dashboard.
|Select Default Timezone
|Controls what timezone is used to display dates and times in the Splunk Intelligence Management Web App.
|Use Experimental Features
|Splunk Intelligence Management may release new Web App features for experimental use and you can choose to use them or not. For example, Dark Mode is currently available as an experimental feature.
Note: These features may be incorporated into future releases or removed from the user interface.
Configure the notifications you see
The Splunk Intelligence Management Web App can notify you by email about about important events that involve your preferences or activity on the platform. Notifications enable you to:
- Learn if a new report was submitted to any of your private Enclaves
- Learn if a new IOC list was submitted to any of your private Enclaves
- Learn if a "Watched Keyword" you are following has been mentioned in any new Intel Reports submitted to your private Enclaves
- Go to the Splunk Intelligence Management Web App to see the results of the notifications
Assess the notifications screen
- Click the user settings icon on the navigation bar, then select Settings from the dropdown menu.
- Click Notifications.
Edit the notifications you receive when you are logged in
You can choose these options for being notified of changes to your Enclaves:
- New Submissions: Check this box to receive email notifications about new submissions in near-real time.
- Digest Frequency: Check this box to receive a Daily or Weekly digest of notifications.
- Unsubscribe Me...: Check this box to stop receiving all notifications from Splunk Intelligence Management.
After changing your options, click Update Notification Preferences to save the changes.
Get notified when specific keywords are found in enclaves
You can follow keywords of interest and be notified by email whenever a new Intel Report submitted to a private Enclave or added to a subscription Enclave contains that keyword.
- You can add a new Watched Keyword through the Search feature:
- To search for the keyword, select the Watch Keyword option.
- To stop receiving notifications, click on the keyword you want to remove in the list of Watched Keywords.
Set up a dedicated service account for API keys and tracking
Use normalized indicator scores to identify the relative severity of each indicator
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current