Where are attachments to investigations stored?
Attachments to investigations in Splunk Enterprise Security are stored in the KV Store. The KV Store is used to manage lookups and collections, making it well-suited for storing such data. This is consistent with the general usage of the KV Store for maintaining various types of supplementary data within Splunk.
A is correct. Some lookups are managed by the KV Store. Examples: incident review, threat intel collections.