According to the Splunk Enterprise Security documentation, only users with the ess_admin role or the Manage All Investigations capability can delete an investigation. The investigation owner and collaborators can edit the investigation, but not delete it. Therefore, the correct answer is A. ess_admin users only. References = Manage investigations in Splunk Enterprise Security
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit