Manage risk factors to track evolving security threats in Splunk Enterprise Security
Manage existing risk factors in Splunk Enterprise Security to track evolving security threats. You can monitor and edit existing risk factors in your deployment using the Risk Factor Editor.
Access the Risk Factor Editor to manage risk factors
- From the Splunk Enterprise Security menu, select Configure > Content > Content Management.
- (Optional) From the Type list filter, select Risk Factors.
  This sorts and displays the list of existing risk factors.
- From the Create New Content list, select Risk Factors.
  This opens the Risk Factor Editor.
Use the Risk Factor Editor in Splunk Enterprise Security for the following actions:
- Identify the existing risk factors in your deployment by viewing the list displayed in the Risk Factor Editor.
- Search for specific risk factors by entering the name in the search bar on the left pane of the editor.
- Sort risk factors based on the name, the expression group, or the score of the risk factor. From the Sort By menu in the editor, select Name, Operation, or Value to display the sorted list of the risk factors.
- Display disabled risk factors by toggling the Show disabled button. This displays the list of disabled risk factors.
- Enable risk factors by toggling the Enable button for the specific risk factor. Alternatively, you can enable any of the risk factors by dragging the Enable button for the specific risk factor in the center pane. You can activate risk factors based on your requirements and evolving security threats over time.
- Delete risk factors by selecting the Delete button from the menu associated with the specific risk factor.
- Clone risk factors by selecting the Clone button from the menu associated with the specific risk factor.
- In the right panel of the Risk Factor Editor, view matching risk events based on specified conditions or risk factors that are similar to the one you are editing.
See also
For more information about risk factors, see the product documentation.
- Create risk factors in Splunk Enterprise Security
- Use default risk factors for guidance to create risk factors in Splunk Enterprise Security
- Troubleshoot upgrade issues with risk factors
- Customizing risk factors by applying conditions to data fields
This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.2