Create risk and edit risk objects in Splunk Enterprise Security
As an ES Admin, you can create and edit risk objects to categorize anything that you assign a risk score. For example, you might categorize a laptop as a "system" risk object type and an identity as a "user" risk object type.
Create a new risk object
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type
risk object types
. - Select the Risk Object Types list.
- Highlight the last risk_object_type cell in the table and right-click to see the table editor.
- Insert a new row into the table.
- Double-click in the new row to edit it, then add the new object type name.
- Save the changes.
Edit an existing risk object
- From the Enterprise Security menu, select Configure > Content > Content Management.
- From the Type drop-down filter, select Managed Lookup.
- (Optional) In the Search filter, type
risk object types
. - Select the Risk Object Types list.
- Highlight the risk object type and change the name.
- Save the changes.
Manage internal lookups in Splunk Enterprise Security | Create risk factors in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2
Feedback submitted, thanks!