Splunk Enterprise Security

Splunk Enterprise Security 4.0.1: Is it possible to add the risk scores to the notable events listed in Incident Review?

sheamus69
Communicator

Is it possible to add the risk scores to the notable events listed in Incident Review?

I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.

What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.

Is this possible?

We're running Splunk Enterprise Security 4.0.1.

Thanks for the assistance,

Sheamus

0 Karma
1 Solution

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

View solution in original post

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

sheamus69
Communicator

Just to confirm, this was the case.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...