Closed lorrainelopezFTFCU closed 9 months ago
Hey @lorrainelopezFTFCU - The alerts in Splunk are webhook notifications. When a new alert or a change to an alert occurs, a webhook is fired and sent to Splunk. This means that historical alerts (before you configured the webhook) are not available. There is no backfill capability.
My suggestion is to use the security overview as the canonical list of alerts.
This Splunk integration is very good at showing activity during a specific time. It's also good for building workflows and automation when an event occurs. It's not able to provide a point in time count of open alerts.
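For readers who still need a point-in-time count of open alerts (the thing the webhook feed above cannot give), the following is an added example, not code from the thread or from the Splunk integration. It assumes the documented GitHub REST endpoint `GET /orgs/{org}/secret-scanning/alerts`, a token with the `security_events` scope in `GITHUB_TOKEN`, and the standard `Link` header pagination; the organisation name `example-org`, the helper names, and the sample alert pages are all constructed for illustration.

```python
"""Point-in-time inventory of GitHub secret scanning alerts via the REST API.

Assumptions (not from the thread): the endpoint
GET https://api.github.com/orgs/{org}/secret-scanning/alerts, a token with the
security_events scope in GITHUB_TOKEN, and rel="next" Link-header pagination.
"""
import json
import os
import re
import urllib.request
from collections import Counter

API = "https://api.github.com"
LINK_NEXT = re.compile(r'<([^>]+)>;\s*rel="next"')


def github_get(url):
    """Real fetcher: returns (Link header, parsed JSON). Needs network and GITHUB_TOKEN."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    with urllib.request.urlopen(req) as resp:
        return resp.headers.get("Link", ""), json.load(resp)


def next_url(link_header):
    """Extract the rel="next" URL from a Link header, or None on the last page."""
    m = LINK_NEXT.search(link_header or "")
    return m.group(1) if m else None


def fetch_all_alerts(org, state="open", get=github_get, per_page=100):
    """Walk every page of the org's secret scanning alerts and return one flat list.

    `get` is injectable so the pagination logic can be exercised offline.
    """
    url = f"{API}/orgs/{org}/secret-scanning/alerts?state={state}&per_page={per_page}"
    alerts = []
    while url:
        link, page = get(url)
        alerts.extend(page)
        url = next_url(link)   # None once the API stops sending rel="next"
    return alerts


def summarize(alerts):
    """Open-alert count per secret_type: the snapshot a webhook feed cannot provide."""
    return Counter(a["secret_type"] for a in alerts)


# --- constructed sample data (hypothetical org, two pages) so this runs offline ---
_BASE = f"{API}/orgs/example-org/secret-scanning/alerts?state=open&per_page=100"
SAMPLE_PAGES = {
    _BASE: (
        f'<{_BASE}&page=2>; rel="next", <{_BASE}&page=2>; rel="last"',
        [
            {"number": 1, "state": "open", "secret_type": "aws_access_key_id"},
            {"number": 2, "state": "open", "secret_type": "aws_access_key_id"},
            {"number": 3, "state": "open", "secret_type": "github_personal_access_token"},
        ],
    ),
    f"{_BASE}&page=2": (
        f'<{_BASE}&page=1>; rel="prev", <{_BASE}&page=1>; rel="first"',
        [
            {"number": 4, "state": "open", "secret_type": "slack_webhook_url"},
            {"number": 5, "state": "open", "secret_type": "aws_access_key_id"},
        ],
    ),
}


def sample_get(url):
    """Offline stand-in for github_get backed by the constructed pages above."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    # Swap in get=github_get (and a real org) to query the API.
    snapshot = summarize(fetch_all_alerts("example-org", get=sample_get))
    for secret_type, count in snapshot.most_common():
        print(f"{count:5d}  {secret_type}")
```

Run this on a schedule and ship the totals to Splunk as a separate sourcetype if you want the dashboard to show a current open count alongside the webhook-driven activity feed; the `Link`-header walk is what makes the full set visible rather than only the first page, and `state=open` keeps resolved alerts out of the count.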
In GitHub, I have over 2,000 Secret Scanning alerts. In Splunk, I only see about 500 of them. How can I pull the rest of the secrets from GitHub, or why am I not able to see historical data?