IBM Support

Splunk Add-on Guide v1.0

Product Documentation


Content

Download the Splunk Add-on Guide at the bottom of this article.

We have released the add-on on Splunkbase: https://splunkbase.splunk.com/app/3861/

This replaces the previous Resilient Splunk add-on. That version will be retired (although it is still supported for existing customers who are using it).

In this release, escalation uses the new Splunk Adaptive Response mechanism, which means that:
- The integration now supports escalation from Splunk Enterprise Security (ES) Notable Events.
- The integration also supports escalation from Splunk.
- The integration also supports manual escalation, by choosing a manual response action to escalate.
- Additionally, the Notable Event information is available within Resilient, so you can use custom actions to interact with the Notable Event after escalation.

Escalation can populate incident fields and artifacts. Overall escalation features are similar to the previous version.

Document Location

Worldwide

Document Information

Modified date:
19 April 2021

UID

ibm11162954