Re: Risk Analysis Dashboard - Risk Modifiers by An...

mjuestel2 · ‎10-12-2023

Hello:

I recently started playing with the Risk framework, RBA etc. Most of my Risk Analysis dashboard is working within Enterprise Security - except for three (3) sections:

Risk Modifiers By Annotations
Risk Score By Annotations
Risk Modifiers By Threat Object

For the annotations part - we do manually tag Mitre Attack tactics within our content, so not sure why these panels do not show anything.

Also, does anyone know what savedsearches run in the background to populate these panels? I'd like to double check to make sure I have these enabled.

Thanks!

meetmshah · ‎10-12-2023

Hello @mjuestel2,

The annotations Dashboard would be based on the MITRE Technique value we provide in the correlation searches. Also, it's not savedsearches based on which panels work upon - it's the Risk Data Model -

Please let me know if you have any questions about the same. Also, please accept the solution and hit Karma, if this helps!

Risk Analysis Dashboard - Risk Modifiers by Annotations

administration

configuration

risk analysis

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation