Create attribute in event using Adaptive Response Actions within ES notable #263
Hello,
Thank you for using MISP42.
I develop it on a platform without the Enterprise Security app, so it is difficult to test that part.
I configured the conf files from what I have understood from the documentation.
Clearly I would need to test the ARA from the UI and what differs from a classical alert action.
I don't know if you can define an action in the UI that would leverage sendalert to emulate an alert action.
Keep me posted.
Best regards,
Remi
hkelley changed the title from "Create attribute in even using Adaptive Response Actions within ES notable" to "Create attribute in event using Adaptive Response Actions within ES notable" on May 20, 2024
I will poke around. I haven't done it before, either, so I'm following this guide: https://dev.splunk.com/enterprise/docs/devtools/enterprisesecurity/adaptiveresponseframework/createadaptiveresponseaction/ Most of the files mentioned there already exist in the app, so it may be as simple as a few settings/conf files.
I may be missing it, but I don't see how to add an attribute to that event via the Splunk adaptive response action (as one might within an ES notable).
I see the option to create a MISP event and the option to send a sighting, but not to create the attribute via the UI. Obviously the search-driven capability is there, but I'm envisioning a UI method so that an analyst can push after notable review.