Hello,
I'm unable to get field validation in a custom Adaptive Response Action in Splunk Enterprise Security. What I would achieve is field validation that obliges the user to fill the field (required field) but I can't get even the simplest validation working. When I click on the run button in the adaptive actions modal view on the incident I get no validation but a message saying "action has been dispatched".
Furthermore which field should I put in alert_actions.conf.spec and savedsearched.conf.spec, the documentation I have read is quite vague.
Thanks!
↧