Solved: Splunk Enterprise Security 4.0.1: Is it possible t...

sheamus69 · ‎05-25-2016

Is it possible to add the risk scores to the notable events listed in Incident Review?

I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.

What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.

Is this possible?

We're running Splunk Enterprise Security 4.0.1.

Thanks for the assistance,

Sheamus

sheamus69 · ‎05-31-2016

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

sheamus69 · ‎05-31-2016

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

sheamus69 · ‎06-24-2016

Just to confirm, this was the case.

Splunk Enterprise Security 4.0.1: Is it possible to add the risk scores to the notable events listed in Incident Review?