6. Research Observable in TruSTAR.

Updated 7 months ago by Steven Chamales

Research an Observable in TruSTAR.

This app includes a workflow action that enables the user to jump to an observable's graph view in TruSTAR.

More info about Splunk workflow actions:

- About Workflow Actions in SplunkWeb
Using the workflow action.

While viewing a log event, click the drop-down Actions carat to the right of the observable you'd like to research.

A drop-down menu will appear.

In the drop-down menu, click the "Research in TruSTAR: ____________" option.

How Did We Do?