With Security Essentials, I get an error:
[Indexer] Streamed search execute failed because: Error in 'lookup' command: Lookups: The lookup table 'PrivilegedRiskScores' does not exist or is not available.
Must have a risk index Error
This search presumes the presence of Splunk Enteprise Security to provide the Risk Framework. Reach out to your Splunk team to find out more about Splunk ES, or adapt this search for your own list of risk events.
There is, indeed, an index="risk".
And the Risk Analysis Datamodel exists.
However, there is no defined Automatic Lookup with "Privilege".