Is it possible to add the risk scores to the notables listed in Incident Review?
I think it's possible to achieve this with UBA, but I don't have UBA and am unlikely to have it in the short to medium term.
What I would like to do is have the risk scores for a notable logged in incident review as one of the columns.
Is this possible?
We're running splunk ES 4.0.1.
Thanks for the assistance,
Sheamus
↧