Security incident - can we aggregate events coming from 2 SIEM tools?

Venkatesh4
Tera Expert

Hi Everyone

We have a discussion going on for enabling Splunk ES & Sentinel OOB plugin for SIR creation.

The question now is whether aggregation will occur for SIRs created from different sources.

I mean, if an SIR is created by Splunk and the same information is available in the existing SIR created by Sentinel or manually, will that be aggregated, or will it create a new SIR?

Thanks in advance