Hi fellow Splunkers,
I have a simple search that will alert on an IDS event. My question is, is there a possibility to embed actions in the email alert? I have been digging into the tokens, but it seems it's not possible.
Sample table:
victimIP,attackerIP,pcap_id
I want that pcap_id to have a link for the user to download.
Thank you