Hi,
I'm in the process of tuning our risk scores, as applied to objects (users or assets) from a correlation search.
What I'm uncertain about is, once I have configured the scoring in a m...
...nomalous events and threat activities and uses an aggregation of events impacting a single risk object, which can be an asset or identity, to generate risk notables in Splunk Enterprise Security. 4. W...
I want to enable risk-based alerting as a part of threat hunting. Use case: if a malicious file is transmitted, the risk score should be increased by 10; if the file is triggered, the risk score should be u...
Used a search from the Splunk Risk Framework page:
http://dev.splunk.com/view/enterprise-security/SP-CAAAFBD
Search:
| makeresults | eval risk_object="mysystem"
| sendalert risk p...