Splunk Enterprise Security

Splunk Enterprise Security 4.0.1: Is it possible to add the risk scores to the notable events listed in Incident Review?

sheamus69
Communicator

Is it possible to add the risk scores to the notable events listed in Incident Review?

I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.

What I would like to do is have the risk scores for a notable event logged in incident review as one of the columns.

Is this possible?

We're running Splunk Enterprise Security 4.0.1.

Thanks for the assistance,

Sheamus

0 Karma
1 Solution

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

View solution in original post

sheamus69
Communicator

It looks as if this is a feature of ES 4.1, so I will need to upgrade ES to test this out.

sheamus69
Communicator

Just to confirm, this was the case.

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...