Splunk Enterprise Security

Splunk Enterprise Security 4.0.1: Is it possible to add the risk scores to the notable events listed in Incident Review?

sheamus69
Communicator

Is it possible to add the risk scores to the notable events listed in Incident Review?

I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.

What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.

Is this possible?

We're running Splunk Enterprise Security 4.0.1.

Thanks for the assistance,

Sheamus

0 Karma
1 Solution

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

View solution in original post

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

sheamus69
Communicator

Just to confirm, this was the case.

0 Karma
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...