Splunk® Enterprise Security

Use Cases

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Increase risk factors to identify unauthorized usage

Ram can also increase the risk factor of privileged user accounts using the risk alerting framework of Splunk Enterprise Security.

If Ram sets an increased risk factor for these accounts, the risk- based alerting framework automatically drives higher risk scores for the account and the analyst is immediately notified about the high- urgency notable event.

IncreaseRiskFactors
For more information on how risk factors work and assigning conditions to risk factors, see Create risk factors.

Last modified on 13 May, 2022
PREVIOUS
Use correlation searches to monitor accounts
 

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters