lsjackcyber
commented
1 year ago I was able to add the two roles(alertmanager, alertmanageruser) as a security group in active directory and then assign roles in the ldap settings in splunk. I've removed the admin_all_objects as well. My users are now able to assign incidents and create new incidents.
My users are not able to assign incidents to themselves or other users. I have the alert manager 3.0.11 I've set the alert_manager_User role for users and changed the capability to admin_all_Objects and I'm still not able to assign an incident to myself or anyone else.