This workflow template enables teams to perform targeted threat hunting by running a simple Splunk query with the added flexibility of optional return field filters. When only specific fields are needed, operators can use the optional field filters to narrow the returned dataset and keep the output concise. This efficiency helps identify threats faster and more accurately, especially when the template is integrated into a nested workflow for simplified operations.
Optional Triggers
Nested Workflow, Webhook
Use Cases
Threat Hunting
Workflow Breakdown
Provide the search query and optional field filters
Output is returned once the search job finishes
Vendors
Utils, Splunk
Workflow Output
Success/Failure
Tips
If a static IP address is required for Splunk, use a step-runner to execute the Splunk steps