My Playbook cannot be find in Alerts dashboard

dadataz · ‎04-22-2020

Hello,

I'm on Splunk 7.3.3

with the "Security Monitoring for Splunk" https://splunkbase.splunk.com/app/4131

I have install all the addons.

I have create a Playbook Entries, but when i try to find it in the dashboard "Alerts" where you can find all your schedule alerts, i only have my personnal rules, rules from this app but not my new rules.
I notice on the playbook the owner is admin and the others pre-rules are Monitoring App.

Any idea why i can't find my rule ? I cannot configure the workflow in this case.

Best regards

dadataz · ‎04-22-2020

I check the "Searches, Reports, and Alerts" for the "App: Security Monitoring for Splunk (security_monitoring_for_splunk)"
I find the default rule for exemple : "5001-INV-Incorrectly_Routed_DNS_Traffic" when you click on edit just show Edit permission, Edit Alert Disable, Advanced Edit and Clone.
Instead the rules i have create have : edit Search, Edit Permissions, Edit Schedule, Edit Acceleration, Edit Summary Indexing, Disable, Advanced Edit, clone, embed, move and Delete.

dadataz · ‎04-22-2020

I just saw this is creating a report, not an alert.

My Playbook cannot be find in Alerts dashboard

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...