Cancel threat analysis jobs

You can cancel a single threat analysis job in a finding or investigation, or you can cancel all the pending jobs across one or more findings or investigations.

Cancel a pending threat analysis job
  1. In Splunk Enterprise Security, select Mission Control.
  2. From the queue you're working in, select a finding or investigation with a pending threat analysis job.
  3. In the Threat analysis section of the side panel, select Cancel job.
Cancel jobs in bulk
  1. From the queue you're working in, select the checkboxes next to each finding and investigation that has pending jobs you want to cancel.
    Tip:

    Use the search bar or filter controls to narrow the queue before selecting findings to make bulk selection faster.

  2. Select the Cancel job bulk action option at the top of the queue.

The selected jobs are removed from the list of threat analysis jobs to-be run. Jobs that are already complete are not affected.

For advanced investigation or to manage submitted jobs, open the Splunk Attack Analyzer application. See Get data into Splunk Attack Analyzer or Analyze completed jobs with Splunk Attack Analyzer.