risk object

risk object


Any entity such as an asset, identity, user, or device in your network that generates machine data, which can be used by Splunk Enterprise Security to populate lookups and provide context to identify potential security threats.

For more information

In Use Splunk Enterprise Security Risk-based Alerting: