What are Event Actions?
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, Event Actions are automated searches that can be used to pivot between related events and searches. They are available in various tools, such as Event Search, Process Timeline, Host Timeline, etc. You can select one or more events and perform various actions, such as showing a process timeline, showing a host timeline, showing associated event data, or showing a +/- 10-minute window of events. These actions can help you investigate and analyze events more efficiently and effectively.