Is it possible to add the risk scores to the notable events listed in Incident Review?
I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.
What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.
Is this possible?
We're running Splunk Enterprise Security 4.0.1.
Thanks for the assistance,