This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Create risk object types in Splunk Enterprise Security
Create and edit risk object types to categorize any entity to which you assign a risk score. For example, you might categorize a laptop as a "system" risk object type and an identity as a "user" risk object type.
Create a new risk object type
Follow these steps to create a new risk object type:
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type
risk object types. - Select the Risk Object Types list.
- Highlight the last risk_object_type cell in the table and right-click to see the table editor.
- Insert a new row into the table.
- Double-click in the new row to edit it, then add the new object type name.
- Save the changes.
Edit an existing risk object type
Follow these steps to edit an existing risk object type:
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type
risk object types. - Select the Risk Object Types list.
- Highlight the risk object type and change the name.
- Save the changes.
Last modified on 23 January, 2023
This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1
Feedback submitted, thanks!