Part 4: Review risk using the Risk Analysis dashboard

The Risk Analysis dashboard displays risk-related information for your security operations center (SOC).

Follow these steps to use the Risk Analysis dashboard to review the risk in your environment:

  1. In Splunk Enterprise Security, go to Security Intelligence.
  2. Select Risk Analysis.
  3. Select All Time.
  4. Explore the Risk Analysis dashboard to identify the risk objects with excessively high risk scores that you might want to investigate further.
  5. Review the relationships between risk scores, risk objects, and count to get deeper insight into the behavioral context of the risk activity.
  6. Review the threat objects and risk objects by drilling down based on their time of occurrence, and establish patterns in the adversarial activity.
  7. Review the risk objects that have a high risk score or multiple tactics associated with them.
  8. Review the dashboard to identify risk notables that you might want to suppress, such as system-level alerts.
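
The review in steps 4 through 8 can also be run as a search, shown here as an added example that is not part of the original documentation. It assumes risk events are stored in the default `risk` index with the fields `risk_object`, `risk_object_type`, `risk_score`, `threat_object`, `source`, and `annotations.mitre_attack.mitre_tactic_id`; the thresholds of 100 and 3 are illustrative values, not product defaults.

```spl
index=risk
| stats sum(risk_score) AS total_risk_score
        count AS risk_event_count
        dc(annotations.mitre_attack.mitre_tactic_id) AS tactic_count
        values(annotations.mitre_attack.mitre_tactic_id) AS tactics
        values(threat_object) AS threat_objects
        dc(source) AS source_count
        values(source) AS contributing_searches
        min(_time) AS first_seen
        max(_time) AS last_seen
        BY risk_object, risk_object_type
| where total_risk_score > 100 OR tactic_count >= 3
| convert ctime(first_seen) ctime(last_seen)
| sort - total_risk_score
```

A risk object whose score comes from a single entry in `contributing_searches` with a high `risk_event_count` is a candidate for the suppression review in step 8, while one with several tactics and sources is a candidate for investigation.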

See also

For more information on the Risk Analysis dashboard, see the product documentation:

Risk Analysis dashboard in the Use Splunk Enterprise Security manual.