1/13/2024 0 Comments Splunk itsi version![]() As correlation searches begin to generate notable events, the events are grouped into episodes using the notable event aggregation policies you configure in the next step.Ĭonfigure several correlation searches to bring in data to ITSI that you want to aggregate and send to Splunk SOAR (On-premises). You can configure a correlation search to generate a notable event, also known as an alert, when the search results meet specific conditions. Step 3: Configure IT Service IntelligenceĪfter you configure Splunk SOAR (On-premises), configure your ITSI environment to send episodes to Splunk SOAR (On-premises).Ī correlation search is a recurring search that scans multiple data sources for defined patterns. For more information, see Edit an automation user to view the REST API authorization token and associated assets. Provide the automation user's REST API authorization token value to Splunk SOAR (On-premises). Save the file and restart your Splunk software.Add the following stanza to disable HTTPS certificate validation:. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |