This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Create risk and edit risk objects in Splunk Enterprise Security
As a Splunk Enterprise Security administrator, you can create and edit risk objects to categorize anything to which you assigned a risk score. For example, you might categorize a laptop as a "system" risk object type and an identity as a "user" risk object type.
Create a new risk object
Follow these steps to create a new risk object:
- In Splunk Enterprise Security, select Configure > Content > Content Management.
- From the Type drop-down list, select Managed Lookup.
- (Optional) In the Search filter, enter
risk object types. - Select the Risk Object Types list.
- Highlight and select the last risk_object_type cell in the table to see the table editor.
- Insert a new row into the table.
- Double-click in the new row to edit it, then add the new object type name.
- Save the changes.
Edit an existing risk object
Follow these steps to edit a risk object:
- In Splunk Enterprise Security, select Configure > Content > Content Management.
- From the Type drop-down list, select Managed Lookup.
- (Optional) In the Search filter, enter
risk object types. - Select the Risk Object Types list.
- Highlight and select the risk object type and change the name.
- Save the changes.
See also
For more information about risk objects, see the product documentation.
How risk objects impact risk scores in Splunk Enterprise Security
Last modified on 06 March, 2023
| How risk objects impact risk scores in Splunk Enterprise Security | How risk modifiers impact risk scores in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.2
Download manual
Feedback submitted, thanks!