Skip to main content
Splunk® Enterprise Security

Use Cases

Splunk® Enterprise Security
7.0.0
The documentation for Splunk Enterprise Security versions 8.0 and higher have been rearchitected from previous versions, causing some links to have redirect errors. To resolve redirect errors, you must use the version selector on the ES documentation homepage to navigate between the versions.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Increase risk factors to identify unauthorized usage

Ram can also increase the risk factor of privileged user accounts using the risk alerting framework of Splunk Enterprise Security.

If Ram sets an increased risk factor for these accounts, the risk- based alerting framework automatically drives higher risk scores for the account and the analyst is immediately notified about the high- urgency notable event.

IncreaseRiskFactors

Last modified on 19 January, 2022
Use correlation searches to monitor accounts  

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0


Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters