RBA Content Recommendations

With an understanding of what data you have, you can specify the types of security concerns you’re facing and then get a set of recommended content that will help with your roll-out of Risk-based Alerting.

  1. The Risk-based Alerting Content Recommendation dashboard is intended to provide you with a quick view of content related to a single category, that you can run with the data in your Splunk today. To start, select a category at the bottom – you’ll see how many pieces of content you already have deployed, and how many are available with your existing data.
  2. With one (or more) categories selected, the dashboard will then show you all of the content that you can leverage. You can click through to any of these to enable them, bookmark them, or more.
  3. This dashboard is built on the Data Inventory and Correlation Search Introspection, so if you haven’t configured those yet, make sure to visit those pages.