Splunk® Enterprise Security

Use Splunk Enterprise Security Risk-based Alerting

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to return redirect errors. For documentation on version 8.0, see the Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Use the Risk Analysis dashboard to monitor high risk user behavior

This is the fifth step in the Isolate user behaviors that pose threats with risk-based alerting scenario.

Ram can also use the Risk Analysis dashboard to display any recent changes to the risk scores associated with high-risk users and to monitor the users who have the highest risk scores.

Ram uses the Risk Object filter on the Risk Analysis dashboard to monitor high-risk users. Ram then scrolls to the Risk Score By Object panel to drill down on the users with the highest risk scores and monitor their behavior over time.

Alternatively, you can build your own dashboards in Splunk Enterprise Security to monitor risk activity in a way that fits your use case.
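As an added example (not from the Splunk documentation), the following search is the kind of query a custom dashboard panel could use to reproduce what Ram reads off the Risk Score By Object panel: it sums the risk contributed to each user, counts how many distinct risk rules fired, and keeps only users above a threshold. It assumes risk events are written to the default `risk` index with the standard `risk_object`, `risk_object_type`, `risk_score` and `search_name` fields; the threshold of 100 and the 24-hour window are chosen for illustration, not taken from the page.

```spl
index=risk risk_object_type="user" earliest=-24h
| stats sum(risk_score) AS total_risk_score,
        dc(search_name) AS distinct_risk_rules,
        latest(_time) AS last_risk_event
    BY risk_object
| where total_risk_score >= 100
| eval last_risk_event=strftime(last_risk_event, "%Y-%m-%d %H:%M:%S")
| sort - total_risk_score
| rename risk_object AS user
```

Placing this search in a dashboard panel with a time picker gives the same "highest risk users first" view as the built-in panel, and `distinct_risk_rules` helps separate a single noisy rule from a user who trips several unrelated rules.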

Next step

Investigate risk notables using Threat Topology visualization

See also

For more information on the Risk Analysis dashboard, see the product documentation:

Risk Analysis in the Use Splunk Enterprise Security manual

Customize Splunk Enterprise Security dashboards to fit your use case in the Use Splunk Enterprise Security manual

Last modified on 02 June, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2

