Splunk Lantern

Enabling auto-refresh on the Analyst queue in Enterprise Security


You are a security operations center (SOC) analyst or administrator who frequently uses the Analyst queue in Splunk Enterprise Security. You’re looking for a way to streamline your workflow by enabling auto-refresh by default, so you don’t need to manually toggle it every time you log in.


This video shows you:

  • How to enable or disable auto-refresh manually in the Analyst queue (formerly Incident review).
  • Steps to configure auto-refresh as the default for all users by navigating to Configure > Findings and Investigations > Analyst Queue Settings and toggling the setting on.
  • The effect of enabling the default setting: auto-refresh activates automatically each time you log into the Analyst queue unless you manually turn it off.

Next steps

This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

In addition, these resources might help you understand and implement this guidance: