...hich we need to assign risk, e.g. src, dest, users. When we add the "| sendalert risk" components to the correlation searches, notable events no longer generate and risk scores are NOT applied. When w...
For new RBA users, here are some frequently asked questions to help you get started with the product. 1. What is RBA (Risk-Based Alerting)? Risk-Based Alerting (RBA) is Splunk's m...
...et the urgency for my notable events to Critical if the users or assets have a really high amount of risk. Particularly when there are many different users or assets involved!