Gather events with the Risk-based Alerting dashboard
The Risk-based Alerting Content Recommendation dashboard gathers potentially risky events in one place for analysts to review.
Prerequisites
Configure the Data Inventory dashboard and Content Mapping. For more information, see Configure the products you have in your environment with the Data Inventory dashboard or Track active content in Splunk Security Essentials using Content Mapping.
Steps
- In Splunk Security Essentials, navigate to Analytics Advisor > Risk-based Alerting Content Recommendation.
- Select a category to see how many pieces of content you have already deployed and how many are available with your existing data.
- (Optional) Use the Apps filter to further filter on where you want the content recommendation to come from.
With one or more categories selected, the dashboard shows all of the content that you can use. You can click through to any item to activate it, bookmark it, or take other actions.
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1