{
"creation_date": "2017-03-15",
"data_metadata": {
"data_source": [
"Notable Events"
],
"providing_technologies": [
"Splunk Enterprise Security"
]
},
"description": "This search queries the notable index and returns all the Notable Events for the particular destination host, giving the analyst an overview of the incidents that may have occurred with the host under investigation.",
"entities": [
"dest"
],
"how_to_implement": "If you are using Enterprise Security, you are likely already creating notable events with your correlation rules. No additional configuration is necessary.",
"id": "3d6c3213-5fff-4a1e-b57d-b24c262171e7",
"investigate": {
"splunk": {
"fields_required": [
"dest"
],
"schedule": {
"cron_schedule": "",
"earliest_time": "864000",
"latest_time": "86400"
},
"search": "| search `notable` | search dest={dest} | table _time, rule_name, owner, priority, severity, status_description"
}
},
"maintainers": [
{
"company": "Splunk",
"email": "bpatel@splunk.com",
"name": "Bhavin Patel"
}
],
"modification_date": "2017-09-20",
"name": "Get Notable History",
"original_authors": [
{
"company": "Splunk",
"email": "bpatel@splunk.com",
"name": "Bhavin Patel"
}
],
"spec_version": 2,
"type": "splunk",
"version": "2.0"
}