Create risk and edit risk objects in Splunk Enterprise Security
As an ES Admin, you can create and edit risk objects to categorize anything that you assign a risk score. For example, you might categorize a laptop as a "system" risk object type and an identity as a "user" risk object type.
Create a new risk object
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type "risk object types".
- Select the Risk Object Types list.
- Highlight the last risk_object_type cell in the table and right-click to see the table editor.
- Insert a new row into the table.
- Double-click in the new row to edit it, then add the new object type name.
- Save the changes.
Edit an existing risk object
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type "risk object types".
- Select the Risk Object Types list.
- Highlight the risk object type and change the name.
- Save the changes.
This documentation applies to the following versions of Splunk® Enterprise Security: 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0, 6.6.2