We have created a large number of custom Adaptive Response actions that primarily consist of actions that fetch information from the internet using API calls.
All the apps were created using the latest version of Splunk Add-on Builder. We have over 12 TA apps at the moment, and some of them implement up to 4 alert actions.
The problem that we are facing is that while all of these apps are installing correctly and are visible in the Alert actions view, not all the actions are visible in the Enterprise Security drop-down list (while creating a correlation search); only a certain number of actions are visible. Our use case requires multiple adaptive response actions to be executed during notable event creation.
All of these actions (including the missing entries) can be executed using the sendalert command and passing the parameters manually.
What could be the cause of this? Could it be an app import issue in ES?