Overview

Splunk App for Shared Alerting gives security and IT teams insight into what the other team is aware of and working on, enabling cross-team collaboration and a faster time to resolve/recover. It gives these teams better visibility into what is happening in their environment, regardless of whether it is a security or IT event. It does this by sharing relevant information, such as Enterprise Security (ES) notables and IT Service Intelligence (ITSI) episodes, with the different operations teams, while allowing each operations team to remain in the tool they are used to working in (ES and ITSI).

This app is primarily composed of backend searches that extract ES notables and ITSI episodes and share them via an index. Correlation searches in ES and ITSI are run against these shared indexes to create new notables in the appropriate premium application.