A set of rules or tuning factors to dynamically calculate risk scores for an entity, such as an asset, identity, user, or device. You can use risk factors to precisely isolate threats and prioritize suspicious behavior with Splunk Enterprise Security. Using risk factors, you can increase or decrease the original risk score with addition or multiplication operations. For example, you can increase the risk score on a laptop, which might be targeted because it belongs to a director of a company, by a factor of two.
For more information
In Use Splunk Enterprise Security Risk-based Alerting: