Hi peeps,
We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fields are the RiskScore, Risk Event and Risk Object. We have configured the value u...
Hi,
I'm in the process of tuning our riskscores, as applied to objects (users or assets) from a correlation search.
What I'm uncertain about is, once I have configured the scoring in a m...
Hi Folks, lately MC started behaving a little weird, after performing an investigation, whenever a SOC analyst is trying to reduce the riskscore of an object, user sometimes instead of reducing the risk...
...etails:
Title
Description
Severity
Status (enabled / disabled)
Risk Object field (optional, but nice to have)
Risk Object Type
RiskScore
I have put together the following:
|r...
So basically I'm trying to generate an event when a riskscore above 100 is generated, I've come up with the below search string. Please, can you help me in identifying if anything needs to be c...
Hello, We ingest logs from another vendor to Splunk, each event contains a "score" field which is predetermined by the 3rd party ranging from 0 - 100. Is there a way to add that field value to the risk...
Is it possible to add the riskscores to the notable events listed in Incident Review?
I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the s...
...o apply a custom formula to assign a riskscore that also uses the total amount of scanned hosts and how many are vulnerable. There are two separate searches that obtain the vulnerable and total h...
I would like to set a custom riskscore based on the number of failed authentication attempts by a user. I created the search:
index=msadauth EventID=4771 OR EventID=4768 OR EventID=4776 a...