Splunk® Security Essentials

3.3.2
This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Aggregate risk attributions with the Analyze ES Risk Attributions dashboard

The Analyze ES Risk Attributions dashboard helps you understand the data provided by the Splunk Enterprise Security Risk Analysis Framework. The dashboard looks at the content in the ES Risk Framework with default risk aggregations. It includes a customized MITRE ATT&CK Matrix based on your search filters, which lets you see which techniques have been seen against a particular user, host, or network. You can enter any search string to use the dashboard to analyze a network or your entire organization.

Aggregating risk attributions is the core strength of this dashboard, and a series of charts aggregates risk by various metrics. This dashboard also shows system-wide metrics and information, many of which are focused on MITRE ATT&CK. For more information on MITRE ATT&CK, see The MITRE ATT&CK Framework dashboard.

There is also a straightforward sum of risk by object, which lets you see which objects are experiencing the greatest amount of risk.

Last modified on 06 January, 2021

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0

