Splunk Enterprise Security

Splunk Enterprise Security 4.0.1: Is it possible to add the risk scores to the notable events listed in Incident Review?

sheamus69
Communicator

Is it possible to add the risk scores to the notable events listed in Incident Review?

I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.

What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.

Is this possible?

We're running Splunk Enterprise Security 4.0.1.

Thanks for the assistance,

Sheamus

0 Karma
1 Solution

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

View solution in original post

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

View solution in original post

sheamus69
Communicator

Just to confirm, this was the case.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!