Ram can also increase the risk factor of privileged user accounts using the risk alerting framework of Splunk Enterprise Security.
If Ram sets an increased risk factor for these accounts, the risk-based alerting framework automatically drives higher risk scores for the account and the analyst is immediately notified about the high-urgency notable event.
For more information on how risk factors work and assigning conditions to risk factors, see Create risk factors.
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2