Use the common action model to build custom alert actions

The common action model is a common information model for alert actions. Splunk developed the common action model to support the adaptive response framework in Splunk Enterprise Security, but it is not exclusive to that use case. Rather, it is a set of tools and best practices for creating alert actions that are consistent, robust, and easy to introspect.

The common action model consists of three components:

- a JSON spec in alert_, which classifies actions and specifies other metadata expected by the adaptive response framework.
- a cim_actions.py library, which assists developers with building alert actions in a way that conforms to the common action model.