List of all enabled correlation rules that generate a notable

| rest splunk_server=local count=0 /services/saved/searches | search action.notable="1" is_scheduled="1" disabled="0"
    `comment("PERFORM A REST COMMAND ON SAVED SEARCHES WHERE THE SEARCH GENERATES A NOTABLE, IS SCHEDULED AND IS NOT DISABLED")`
| table title action.notable.param.security_domain description search cron_schedule actions action.email.to action.notable.param.severity alert.suppress.fields alert.suppress.period action.notable.param.next_steps action.notable.param.rule_description action.risk.param._risk_score
    `comment("TABLE FIELDS")`
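The same inventory can be pulled outside the search bar, which is useful for exporting the list of active detections or diffing it between two days. The script below is an added example, not code from the original page: it applies the same three-way filter (generates a notable, is scheduled, not disabled) to the JSON form of the `/services/saved/searches` endpoint and tables the same fields. The Splunk URL, token and the sample response embedded for offline use are constructed assumptions; the REST fetch helper needs network access and is not exercised by the offline demo.

```python
"""Inventory enabled, scheduled correlation searches that create notables.

Added example re-implementing the SPL filter above in Python. Field names
match the SPL `table` command; everything else here (host, token, sample
records) is a constructed assumption, not output from a real Splunk instance.
"""
import json
import urllib.request
from typing import Any, Dict, Iterable, List

# Fields the SPL search tables, in the same order. `title` comes from the
# entry name in the JSON output; the rest live under entry["content"].
COLUMNS = [
    "title",
    "action.notable.param.security_domain",
    "description",
    "search",
    "cron_schedule",
    "actions",
    "action.email.to",
    "action.notable.param.severity",
    "alert.suppress.fields",
    "alert.suppress.period",
    "action.notable.param.next_steps",
    "action.notable.param.rule_description",
    "action.risk.param._risk_score",
]


def as_flag(value: Any) -> bool:
    """Normalise the mixed forms Splunk uses for booleans ("1", "0", true, false)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("1", "true", "t", "yes")


def notable_correlation_rules(entries: Iterable[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Equivalent of: search action.notable="1" is_scheduled="1" disabled="0" | table ..."""
    rows: List[Dict[str, str]] = []
    for entry in entries:
        content = entry.get("content", {})
        generates_notable = as_flag(content.get("action.notable", "0"))
        scheduled = as_flag(content.get("is_scheduled", "0"))
        disabled = as_flag(content.get("disabled", "0"))
        if not (generates_notable and scheduled and not disabled):
            continue
        row = {"title": entry.get("name", "")}
        for col in COLUMNS[1:]:
            row[col] = str(content.get(col, ""))
        rows.append(row)
    return rows


def fetch_saved_searches(base_url: str, token: str) -> List[Dict[str, Any]]:
    """Pull all saved searches as JSON (count=0 = no paging limit). Needs network."""
    url = f"{base_url}/services/saved/searches?output_mode=json&count=0"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verified by default
        return json.load(resp)["entry"]


# Constructed sample response: one rule that passes, three that fail one test each.
SAMPLE_ENTRIES = [
    {"name": "Example Access Rule - Rule",
     "content": {"action.notable": "1", "is_scheduled": True, "disabled": False,
                 "search": "index=auth action=failure | stats count by user",
                 "cron_schedule": "*/5 * * * *", "actions": "notable,risk",
                 "action.notable.param.security_domain": "access",
                 "action.notable.param.severity": "medium",
                 "action.risk.param._risk_score": "40"}},
    {"name": "Disabled Rule", "content": {"action.notable": "1", "is_scheduled": True, "disabled": True}},
    {"name": "Ad hoc report", "content": {"action.notable": "0", "is_scheduled": True, "disabled": False}},
    {"name": "Unscheduled notable", "content": {"action.notable": "1", "is_scheduled": False, "disabled": False}},
]


def format_table(rows: List[Dict[str, str]]) -> str:
    """Render rows as tab-separated text with a header line (easy to diff or grep)."""
    lines = ["\t".join(COLUMNS)]
    for row in rows:
        lines.append("\t".join(row.get(col, "") for col in COLUMNS))
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_saved_searches() for a live pull.
    print(format_table(notable_correlation_rules(SAMPLE_ENTRIES)))
```

Running the script prints one row (the access rule); the disabled, non-notable and unscheduled entries are dropped for the same reasons the SPL `search` clause drops them.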