A single metric that shows the relative risk of an entity. When a risk score surpasses a specified threshold over a period of time, analysts can focus their efforts on potentially connected behaviors associated with the entity to identify security threats. The risk score of an asset or identity is the sum of all the risk scores for risk events in the risk index that apply to the specific asset or identity over a period of time.
For more information
In Use Splunk Enterprise Security Risk-based Alerting: