my2ndhead edited this page Jul 15, 2015 · 7 revisions

#Welcome

Welcome to the Risk Manager wiki. There are a few important sub-pages we'd like to highlight:

  1. Installation Guide
  2. Configuration Guide
  3. User Guide
  4. Demo Data Configuration Guide
  5. FAQ

Introducing the «Risk Manager»

The Risk Manager adds risk scoring and risk analytics functionality to Splunk. The app can be used to assign risk scores to risk objects and to track accumulated risk scores over time. Risk Manager is a general-purpose app: it can be used for security use cases (e.g. user behavior over time), but also for IT Ops use cases, e.g. to track asset risks over time.

Risk Manager brings:

  • Awareness of your current risk situation with a risk overview dashboard
  • A risk analysis dashboard showing per-risk-object scoring and risk events over time
  • A risk search dashboard to investigate risk events and drill down into details
  • A risk data model that provides the basis for pivoting
  • Collection of the contributing data that caused the risk scoring
  • Optional hashing and encryption of data, for privacy/compliance reasons

#Features

  • Works as a scripted alert action that finds risk objects and assigns risk scores to them
  • Each fired alert creates risk events for pre-configured objects
  • The risk objects get a score that has been pre-configured.
  • Risk scores are accumulated per risk object
  • Data that contributes to (causes) risk events can be stored in a KV Store collection for later analysis
  • Contributing data can optionally be encrypted with asymmetric encryption algorithms (public-key encryption). This requires the optional "Support Add-on for Hypercrypto" (https://github.com/my2ndhead/SA-hypercrypto)
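To make the feature list above concrete, here is an added illustration (not code from the Risk Manager app) of the model it describes: a fired alert produces one risk event per result for a pre-configured risk object with a pre-configured score, the contributing data is kept with the event, scores are accumulated per risk object, and the object identifier can optionally be hashed for privacy. The alert names, field names, scores and salt are assumptions.

```python
"""Illustrative model of risk events and score accumulation (added example,
not the app's own code; configuration and field names are assumed)."""
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional

# Assumed per-alert configuration: which result field names the risk object,
# what kind of object it is, and the pre-configured score each firing assigns.
ALERT_CONFIG = {
    "Brute force login": {"object_field": "user", "object_type": "user", "score": 20},
    "Malware callback":  {"object_field": "host", "object_type": "host", "score": 50},
}


def hash_object(value: str, salt: str) -> str:
    """Pseudonymise an identifier so dashboards never show the raw value
    (the optional hashing feature; SHA-256 with a salt is an assumption)."""
    return hashlib.sha256((salt + value).encode("utf-8")).hexdigest()[:16]


def make_risk_events(alert_name: str, results: List[dict],
                     salt: Optional[str] = None) -> List[dict]:
    """Turn the results of one fired alert into risk events, one per result,
    each carrying the contributing data that caused the scoring."""
    cfg = ALERT_CONFIG[alert_name]
    events = []
    for row in results:
        obj = row[cfg["object_field"]]
        if salt is not None:
            obj = hash_object(obj, salt)
        events.append({
            "alert": alert_name,
            "risk_object": f"{cfg['object_type']}:{obj}",
            "score": cfg["score"],
            "contributing_data": dict(row),  # what a KV Store collection would hold
        })
    return events


def accumulate(events: List[dict]) -> Dict[str, int]:
    """Sum scores per risk object, the figure a risk overview would show."""
    totals: Dict[str, int] = defaultdict(int)
    for ev in events:
        totals[ev["risk_object"]] += ev["score"]
    return dict(totals)


# Constructed sample alert results (not real data)
BRUTE_RESULTS = [{"user": "alice", "src": "10.0.0.5", "failures": 40},
                 {"user": "bob", "src": "10.0.0.9", "failures": 35}]
MALWARE_RESULTS = [{"host": "ws-17", "dest": "198.51.100.7"}]
```

Running the brute-force alert twice and the malware alert once yields 40 for user:alice, 40 for user:bob and 50 for host:ws-17; passing a salt replaces the identifiers with hashes while the totals still accumulate correctly.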