Splunk® Enterprise Security

Administer Splunk Enterprise Security

Download manual as PDF

Download topic as PDF

Create risk and edit risk objects in Splunk Enterprise Security

As an ES Admin, you can create and edit risk objects.

Create a new risk object

  1. From the Enterprise Security menu, select Configure > Content > Content Management.
  2. From the Type drop-down filter, select Lookup.
  3. (Optional) In the Search filter, type risk object types.
  4. Select the Risk Object Types list.
  5. Highlight the last risk_object_type cell in the table and right-click to see the table editor.
  6. Insert a new row into the table.
  7. Double-click in the new row to edit it, then add the new object type name.
  8. Save the changes.

Edit an existing risk object

  1. From the Enterprise Security menu, select Configure > Content > Content Management.
  2. From the Type drop-down filter, select Lookup.
  3. (Optional) In the Search filter, type risk object types.
  4. Select the Risk Object Types list.
  5. Highlight the risk object type and change the name.
  6. Save the changes.
PREVIOUS
Manage internal lookups in Splunk Enterprise Security
  NEXT
Expand Content Management searches to view dependency and usage information in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters