Use the Risk Analysis dashboard to monitor high risk user behavior
This is the fifth step in the Isolate user behaviors that pose threats with risk-based alerting scenario.
Ram can also use the Risk Analysis dashboard to display any recent changes to risk scores associated with high risk users and monitor users who have the highest risk scores.
Ram uses the Risk Object filter on the Risk Analysis dashboard to monitor high risk users. Ram scrolls to the panel for Risk Score By Object to drill down on the users with the highest risk score and monitor their behavior over time.
Alternatively, you can also build your own dashboards to monitor risk activity and fit your use case in Splunk Enterprise Security.
Next step
Investigate risk notables using Threat Topology visualization
See also
For more information on the Risk Analysis dashboard, see the product documentation:
Risk Analysis in the Use Splunk Enterprise Security manual
Customize Splunk Enterprise Security dashboards to fit your use case in the Use Splunk Enterprise Security manual
| Increase risk factors to identify unauthorized usage | Investigate risk notables using Threat Topology visualization |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1, 7.3.2
Download manual
Feedback submitted, thanks!