Aggregate risk attributions with the Analyze ES Risk Attributions dashboard
The Analyze ES Risk Attributions dashboard helps you understand the data provided by the Splunk Enterprise Security Risk Analysis Framework. The ES Risk Attributions dashboard looks at the content in the ES Risk Framework with default risk aggregations. It includes a customized MITRE ATT&CK Matrix based on your search filters, which lets you see which techniques have been seen against a particular user, host, or network. You can enter any search string to use the dashboard to analyze a network or your entire organization.
Aggregating risk attributions is the core strength of this dashboard, which provides a series of charts that aggregate risk by various metrics. This dashboard also shows system-wide metrics and information, many of which are focused on MITRE ATT&CK. For more information on MITRE ATT&CK, see The MITRE ATT&CK Framework dashboard.
There is also a straightforward sum of risk by object, which lets you see which objects are experiencing the greatest amount of risk.
This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0