Skip to content
/ TA-notableeditor Public

A Splunk custom search command to mass edit notables

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dglauche/TA-notableeditor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
bin
bin
 
 
default
default
 
 
lib/splunklib
lib/splunklib
 
 
metadata
metadata
 
 
README.md
README.md
 
 

Repository files navigation

TA-notableeditor

This app provides a custom search command to mass edit notable events

Example

`notable` | head 10 | editnotables comment="some_comment" status="new" urgency="informational" newOwner="admin" disposition="Other"

`notable`
| eval notable_edit_disposition="True Positive - Suspicious Activity", notable_edit_status="closed", notable_edit_urgency="low", notable_edit_newOwner="admin", notable_edit_comment="asd"
| editnotables mode=single

About

A Splunk custom search command to mass edit notables

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 2

Updating splunklib & add per notable editing ability Latest
Aug 9, 2023
+ 1 release

Packages

No packages published

Languages