Splunk App for Enterprise Security · v7.3.0
DAY 4 LAB · LAB 4 — MAP A CIA RISK MATRIX · week 1
Plot a CIA risk matrix using ES Risk Analysis.
- Open Security Intelligence → top risk objects.
- Pick 5 assets, score Likelihood × Impact (1-5).
- Tag CIA pillar(s) violated.
- Identify top 3 to monitor.
Hint: Risk Analysis ranks objects by accumulated risk score, so the top of that list is the starting order for your matrix. Treat the score as evidence for the Likelihood axis only; Impact comes from what the asset is (its criticality in the asset and identity lookups), not from the risk score. Check each row's type before scoring it: an external source address is a risk object, but it is not an asset whose confidentiality, integrity or availability you own.
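The four lab steps carried through end to end, as an added worked example (this is not lab-provided or Splunk code). The six risk objects are the rows shown on the Risk Analysis panel below; the asset criticality values, the association of techniques to each object, the technique-to-pillar mapping and the likelihood cut-offs are all constructed assumptions, labelled as such in the code, and should be replaced with your own asset inventory and drill-down data.

```python
"""CIA risk matrix from ES Risk Analysis output (added example, not Splunk code).
Only RISK_OBJECTS is page data; IMPACT, OBJECT_TECHNIQUES, TECHNIQUE_PILLARS and
LIKELIHOOD_THRESHOLDS are constructed assumptions for the walkthrough."""
from dataclasses import dataclass

# Risk Analysis panel rows: (risk_object, risk_object_type, sum(risk)).
RISK_OBJECTS = [
    ("admin_svc", "user", 256),
    ("10.4.12.91", "system", 240),
    ("10.4.12.50", "system", 215),
    ("akumar", "user", 127),
    ("10.2.7.110", "system", 78),
    ("203.0.113.42", "system", 65),
]
# ASSUMPTION: Impact (1-5) from asset criticality (asset/identity lookups in ES).
# 203.0.113.42 is deliberately absent: it is an external address (TEST-NET-3),
# not an asset whose CIA we own, so it is reported but not scored.
IMPACT = {
    "admin_svc": 5,    # privileged service account
    "10.4.12.91": 4,   # file server
    "10.4.12.50": 5,   # domain controller
    "akumar": 2,       # standard user
    "10.2.7.110": 3,   # workstation on a sensitive VLAN
}
# ASSUMPTION: techniques observed per object (constructed; on a live panel you
# would get this by drilling into the risk events behind each object).
OBJECT_TECHNIQUES = {
    "admin_svc": ["T1110", "T1078", "T1136.002"],
    "10.4.12.91": ["T1059.001", "T1071", "T1048.003"],
    "10.4.12.50": ["T1021.002", "T1486"],
    "akumar": ["T1566.002"],
    "10.2.7.110": ["T1040"],
    "203.0.113.42": ["T1110"],
}
# ASSUMPTION: analyst judgement of which CIA pillar each technique threatens.
TECHNIQUE_PILLARS = {
    "T1110": {"C"},        # brute force: credential confidentiality
    "T1059.001": {"I"},    # PowerShell execution: host integrity
    "T1071": {"C", "I"},   # app-layer C2: data out, commands in
    "T1021.002": {"I"},    # SMB/admin-share lateral movement
    "T1486": {"A", "I"},   # data encrypted for impact
    "T1566.002": {"C"},    # phishing link: credential theft
    "T1078": {"C", "I"},   # valid accounts
    "T1136.002": {"I"},    # create domain account: persistence
    "T1048.003": {"C"},    # exfiltration over unencrypted protocol
    "T1040": {"C"},        # network sniffing
}
# ASSUMPTION: risk-sum cut-offs for Likelihood 1..5; tune to your notable threshold.
LIKELIHOOD_THRESHOLDS = (50, 100, 150, 200)


@dataclass
class MatrixRow:
    risk_object: str
    obj_type: str
    risk_sum: int
    likelihood: int
    impact: int
    pillars: str  # e.g. "C,I"

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def likelihood_from_risk(risk_sum: int, thresholds=LIKELIHOOD_THRESHOLDS) -> int:
    """1 plus the number of thresholds the aggregated risk score meets (max 5)."""
    return 1 + sum(1 for t in thresholds if risk_sum >= t)


def build_matrix(objects=RISK_OBJECTS, impact=IMPACT, techniques=OBJECT_TECHNIQUES,
                 pillars=TECHNIQUE_PILLARS, n_assets=5):
    """Score the top n_assets in-inventory objects; return (rows, not_in_inventory)."""
    not_in_inventory = [name for name, _, _ in objects if name not in impact]
    ranked = sorted((o for o in objects if o[0] in impact), key=lambda o: -o[2])
    rows = []
    for name, otype, risk in ranked[:n_assets]:
        hit = set()
        for t in techniques.get(name, []):
            hit |= pillars.get(t, set())  # union of pillars across techniques
        rows.append(MatrixRow(name, otype, risk, likelihood_from_risk(risk),
                              impact[name], ",".join(sorted(hit))))
    rows.sort(key=lambda r: (-r.score, -r.risk_sum))  # ties on LxI break on raw risk
    return rows, not_in_inventory


def as_grid(rows):
    """Map each (likelihood, impact) cell to its object names for the 5x5 plot."""
    grid = {}
    for r in rows:
        grid.setdefault((r.likelihood, r.impact), []).append(r.risk_object)
    return grid


def top_to_monitor(rows, k=3):
    return [r.risk_object for r in rows[:k]]


if __name__ == "__main__":
    rows, external = build_matrix()
    for r in rows:
        print(f"{r.risk_object:<14}{r.obj_type:<8}{r.risk_sum:>5} L={r.likelihood} "
              f"I={r.impact} LxI={r.score:>2} {r.pillars}")
    print("not scored (not in asset inventory):", external)
    print("top 3 to monitor:", top_to_monitor(rows))
```

Note that the ranking the matrix produces is not the panel's ranking: 10.4.12.50 has a lower risk sum than 10.4.12.91 but lands in the same top cell as admin_svc once its criticality is applied, which is the point of scoring Impact separately rather than reading it off sum(risk).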
Security Intelligence · Risk Analysis
Highest Risk Objects (computed)
| risk_object | type | sum(risk) |
|---|---|---|
| admin_svc | user | 256 |
| 10.4.12.91 | system | 240 |
| 10.4.12.50 | system | 215 |
| akumar | user | 127 |
| 10.2.7.110 | system | 78 |
| 203.0.113.42 | system | 65 |
MITRE ATT&CK Techniques (live)
| technique | count |
|---|---|
| T1110 | 1 |
| T1059.001 | 1 |
| T1071 | 1 |
| T1021.002 | 1 |
| T1486 | 1 |
| T1566.002 | 1 |
| T1078 | 1 |
| T1136.002 | 1 |
| T1048.003 | 1 |
| T1040 | 1 |
Drill-down
Risk scores aggregate live from current notables. Run adaptive responses in the modal to see scores update.