Turn on or turn off behavior-based detections in the risk or test index
You can turn on or turn off behavior-based detections in either of two indexes: risk or ba_test. Turning on a detection allows it to generate findings in that index. By default, behavior-based detections for cloud deployments are turned on in the test index, ba_test.
In Splunk Enterprise Security, select Security content and then select Content management.
To filter for behavior-based detections, change the Type filter to Behavior-based detection.
Select the link for the detection that you want to turn on or turn off.
To turn on a detection, select Turn on in risk index or Turn on in test index for the index you want to generate findings in.
To turn off a detection so that it doesn't create findings in any index, select Off.