Splunk Phantom ships with three predefined severity names: High, Medium, and Low. Your organization might need additional levels of severity to match your business processes. Additional severity names can be defined by a Splunk Phantom administrator.

- You can have up to 10 active severity names.
- A severity name can consist only of the ASCII characters A-Z, a-z, numerals 0-9, dash ( - ), or underscore ( _ ).
- Severity names can be up to 20 characters long.
- To change a severity name, delete it and recreate the severity name.
- The default severity names High, Medium, and Low can be deleted. However, even if they are deleted, your ingestion apps will still be able to use the severity names High, Medium, and Low.
- A severity name which has been deleted can be reactivated by creating a new severity with the same name.

Severity names are stored in Splunk Phantom's internal database. Deleting a severity name from the active severity list does not remove that severity name from the database.

Deleting a severity name does not change the severity of a case, event, or artifact. Changing a severity name does not update closed events, cases, or artifacts.

Deleted severity names show in search results, the Analyst Queue, Investigation, and dashboard widgets where appropriate. Severity names which have been deleted are shown in all these areas using strikethrough text.

Deleted severities have a few other impacts, such as:

- You cannot filter by disabled severities in Analyst Queue.
- Using the graphical user interface, you cannot create a container with a deleted severity or change a container's severity to a deleted severity.
- Events and artifacts with deleted severities will appear lower than those with active severities in sorted lists in the Analyst Queue and Investigation.

Supported methods are GET, POST, and DELETE. See REST Notification. You can manage the severities using REST. The output is similar to /rest/notification//detail_summary_view used for mobile.
The response varies depending on the notification type, which is a sub-type of approvals. Mapping for prettifying notification types, such as: The due time minus the current time, in seconds. It returns a dictionary that organizes the response answer percentage by response.