How to assign multiple risk object fields and object types in RiskAnalysis response action. I know it's possible from search using appendpipe and sendalert but we want this to be added from the r...
When creating or editing a correlation search in Enterprise Security, is there any way to use multiple fields on the RiskAnalysis response action?
As an example, I have a correlation search w...
Hi,
I have problems with the drilldown button in the "Risk Event Timeline" view for a Risk Notable.
When expanding Risk rules in the "Risk Event Timeline" view, you can click on a drilldown f...
Hello: I recently started playing with the Risk framework, RBA etc. Most of my RiskAnalysis dashboard is working within Enterprise Security - except for three (3) sections: Risk M...
Hi All,
There are a few risk notable events getting generated in the Incident Review page as part of correlation searches being run.
How can we exclude a few users (who are from the SOC team) from c...
This particular data model (RiskAnalysis) that comes with Splunk Enterprise Security is failing to build due to a calculated field that generates from the correlationsearches_lookup.
I believe t...
Hello,
I have Splunk enterprise security version 6.5.3.1 and am trying to create a dashboard for RiskAnalysis. When I click on the RiskAnalysis tab, I am not able to see any dashboards and a...
I have been trying to export results of the builtin RiskAnalysis dashboard for a quarterly report. Other dashboards in ES have the "Export" button in the upper right of the screen. The Risk...
...anner that I am happy with, can I reset all the scores currently applied to objects so as to operate from a fresh start? The existing risk scores, being poorly configured, would presumably skew any riskanalysis...