Create and edit risk objects in Splunk Enterprise Security
As a Splunk Enterprise Security administrator, you can create and edit risk objects to categorize anything to which you assigned a risk score. For example, you might categorize a laptop as a "system" risk object type and an identity as a "user" risk object type.
Create a new risk object
Follow these steps to create a new risk object:
- In Splunk Enterprise Security, select Configure > Content > Content Management.
- From the Type drop-down list, select Managed Lookup.
- (Optional) In the Search filter, enter risk object types.
- Select the Risk Object Types list.
- Highlight and select the last risk_object_type cell in the table to see the table editor.
- Insert a new row into the table.
- Double-click in the new row to edit it, then add the new object type name.
- Save the changes.
Edit an existing risk object
Follow these steps to edit a risk object:
- In Splunk Enterprise Security, select Configure > Content > Content Management.
- From the Type drop-down list, select Managed Lookup.
- (Optional) In the Search filter, enter risk object types.
- Select the Risk Object Types list.
- Highlight and select the risk object type that you want to edit, then change the name.
- Save the changes.
See also
For more information about risk objects, see the product documentation.
How risk objects impact risk scores in Splunk Enterprise Security