Hi Splunkers,
I just created a saved search and my agenda is to write the event to threat_activity index.
To do this i need to enable "action.threat_activity" param to 1. But when i change the parameter to 1 and save it its not updating instead its showing as action.threat_activity=0.
Is there a work around on this issue. The only thing i need is to write the saved search result to threat_activity.
Kindly help
![alt text][1]
[1]: /storage/temp/256609-advanced-edit.jpg
↧
Unable to set the "action.threat_activity" to "1" from the advanced edit option of the saved search
↧