Create an ad hoc risk entry in Splunk Enterprise Security
Creating an ad-hoc risk entry allows you to make a manual, one-time adjustment to an object's risk score. You can use it to add a positive or negative number to the risk score of an object.
- Select Security Intelligence > Risk Analysis.
- Click Create Ad-hoc Risk Entry.
- Complete the form.
Ad-hoc Risk Score field | Description |
---|---|
Score | The number added to a Risk object. Can be a positive or negative integer. |
Description | A reason or note for manually adjusting an object's risk score. The Description field is mandatory for an ad hoc risk score. |
Risk object | Text field. Wildcard with an asterisk (*) |
Risk object type | Drop-down: select to filter by. |
Analyze risk in Splunk Enterprise Security | Create a glass table in |
This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0
Feedback submitted, thanks!