Splunk® Enterprise Security

Use Splunk Enterprise Security

Download manual as PDF

This documentation does not apply to the most recent version of ES. Click here for the latest version.
Download topic as PDF

Create an ad hoc risk entry in Splunk Enterprise Security

Creating an ad-hoc risk entry allows you to make a manual, one-time adjustment to an object's risk score. You can use it to add a positive or negative number to the risk score of an object.

  1. Select Security Intelligence > Risk Analysis.
  2. Click Create Ad-hoc Risk Entry.
  3. Complete the form.
Ad-hoc Risk Score field Description
Score The number added to a Risk object. Can be a positive or negative integer.
Description A reason or note for manually adjusting an object's risk score. The Description field is mandatory for an ad hoc risk score.
Risk object Text field. Wildcard with an asterisk (*)
Risk object type Drop-down: select to filter by.
Last modified on 09 July, 2020
PREVIOUS
Analyze risk in Splunk Enterprise Security
  NEXT
Create a glass table in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters