RBA-ES6.6-Demo-Dashboards (DEPRECATED)
I am no longer supporting these reference dashboards but fear not, RBA is still thriving. Haylee Mills is at the helm and maintaining a fork of this repo. Check it out here.
This repo contains dashboards that Splunk Enterprise Security customers who have deployed Risk-Based Alerting (RBA) may find useful.
risk_attributions.xml: The Investigative dashboard built on top of the Risk Analysis Dashboard
audit_attribution_analytics: A dashboard containing multiple views offering insight into the tuning process
attack_matrix_risk_view: A dashboard offering insight into business drivers such as MITRE ATT&CK techniques both covered and observed in an environment, tactics/techniques over time, or scoring by tag.
Dependencies
Enterprise Security version 6.6+, which contains the underlying mechanics upon which these dashboards are built.