For details, see:
Manage settings for investigations
Use the settings on this page to control how displays information for investigations.
Each of these settings can be managed from the Home menu, by selecting Administration, then, Product Settings, then Investigations.
Clickable URLs
When a Common Event Format (CEF) field on an artifact contains URL data, the user interface can display a clickable link for it.
- Use this setting to toggle whether clickable links are shown.
- Only CEF values generated by automation or included in an artifact are controlled by this setting.
- Since many URLs in CEF values are likely to be malicious, the default is OFF.
Notes can contain URL data, and those URLs will be clickable unless they are escaped using the backtick or grave character ( ` ). URLs in notes are not controlled by this setting.
Example:
`http://some.malicious.url.com`
Indicators
Use this setting to toggle whether creates indicators for new artifacts.
Severity Inheritance
When toggled on, a container will automatically increase its severity when an artifact with a higher severity level is added to it.
Example:
An analyst adds an artifact with a severity of 'high' to a container with a severity of 'medium.' The severity on the container is increased to 'high.'
| Share data from | Manage dashboard widgets in |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.3.1, 6.4.0
Download manual
Feedback submitted, thanks!