Create a Splunk Rule
Use the following procedure to create an alert rule that uses the Splunk alert service:
Procedure
Step 1 | In the Security Cloud Control platform menu, choose . |
Step 2 | Navigate to . |
Step 3 | Click Create. |
Step 4 | Profile Name - Enter a unique name for the integration. Example |
Step 5 | (Optional) Description - Enter a description for the alert rule. |
Step 6 | Alert Profile - Expand the drop-down menu and select a Splunk alert profile. |
Step 7 | Type - Expand the drop-down menu and select one of the following types:
If you select Audit Logs, there are no other configurable items. Click Save to finalize the rule. |
Step 8 | If you select either System Logs or Discovery as your Type, expand the Sub Type drop-down menu and select one of the following options:
|
Step 9 | Expand the Severity drop-down menu and select one of the following labels. Note that the options available depend on the Type you selected in step 7.
|
Step 10 | Enabled - This option is checked by default so that the alert is enabled and takes effect immediately after saving. Uncheck this box if you do not want the rule applied to your environment immediately. |
Step 11 | Click Save. |