From the Enterprise Security menu, select Investigation. Use the Risk tab in Workbench to display the risk modifiers, risk scores, and graph charts for MITRE ATT&CK for single or multiple artifacts in an investigation. Use the visuals and charts to investigate risk objects for a single artifact.

Select the Workbench-Risk (risk_object) as Asset action. This opens the Embedded Workbench panel that displays the following items:

- Time chart displaying the MITRE ATT&CK Tactics Over Time.
- Time chart displaying the MITRE ATT&CK Techniques Over Time.
- Pie chart displaying the distribution of artifacts by MITRE ATT&CK tactics like discovery, persistence, defense evasion, and so on.
- Pie chart displaying the distribution of artifacts by MITRE ATT&CK techniques like Drive-by Compromise, Account Manipulation, and so on.
- Risk scores by artifact and trends of risk modifiers over time.
- Recent risk modifiers that are applied to the risk objects.
The **Destination**, **User**, and **Source** fields function as risk objects during the investigation process.
Use the Workbench-Risk (risk_object) as Asset panels or the Risk tab in Workbench for an investigation to investigate risk objects so that you can identify specific workflow actions and streamline your threat investigation process.

Access the Embedded Risk Workbench panels

Risk workbench panels provide at-a-glance, risk-based insight into the severity of the events occurring in your system or network, help to prioritize notable events, assign targeted notable events to security analysts for review, and examine specific notable annotations for investigations.

Classify risk objects for targeted threat investigation

When an excessive number of notable events are generated from correlation searches, it may be difficult to isolate the root problem in an investigation. Use the Workbench-Risk (risk_object) as Asset workflow action panels or the Risk tab in Workbench for an investigation to visually classify the risk objects based on risk modifiers, risk scores, MITRE ATT&CK techniques, and tactics.

Identify annotations based risk objects in Splunk Enterprise Security