The Risk Superhandler for Splunk Enterprise Security provides services for:
- Generating risk events through the Splunk Enterprise Security risk framework for Risk Based Alerting (RBA), with additional features on top of it
- Centralizing the risk definition in a single reference lookup file, rather than configuring it on a per-correlation-search basis
- Defining a use case reference, which is used to look up the risk definition and enables advanced dynamic rule definitions
- Allowing several risk objects to be defined per detection, each with its own risk message and risk score
- Facilitating the transition from a traditional per-use-case SIEM detection model to a Risk Based Alerting (RBA) approach
For more information: https://ta-risk-superhandler.readthedocs.io
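To illustrate the centralized, lookup-driven risk definition described above, here is an added Python example that is not part of the TA-risk-superhandler code; the lookup columns (`use_case_ref`, `risk_object_field`, `risk_object_type`, `risk_score`, `risk_message`) and the `$field$` message template syntax are assumptions for the illustration, not the app's actual schema.

```python
import csv
import io

# Constructed lookup (assumed schema, not the app's): one use case reference
# maps to several risk objects, each with its own type, score and message
# template, replacing per-correlation-search risk settings.
RISK_LOOKUP_CSV = """\
use_case_ref,risk_object_field,risk_object_type,risk_score,risk_message
UC-0001,user,user,40,"Suspicious logon by $user$ from $src$"
UC-0001,src,system,20,"Source $src$ involved in suspicious logon"
UC-0002,user,user,80,"Privilege escalation by $user$ on $dest$"
"""

def load_risk_lookup(csv_text):
    """Index lookup rows by use case reference."""
    lookup = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        lookup.setdefault(row["use_case_ref"], []).append(row)
    return lookup

def render_message(template, result):
    """Replace $field$ tokens with values taken from the search result."""
    for field, value in result.items():
        template = template.replace(f"${field}$", str(value))
    return template

def generate_risk_events(result, lookup):
    """Emit one risk event per risk object defined for the result's use case.
    Risk objects whose field is missing or empty in the result are skipped,
    so no blank risk object is written to the risk index."""
    events = []
    for rule in lookup.get(result.get("use_case_ref"), []):
        risk_object = result.get(rule["risk_object_field"])
        if not risk_object:
            continue
        events.append({
            "use_case_ref": result["use_case_ref"],
            "risk_object": risk_object,
            "risk_object_type": rule["risk_object_type"],
            "risk_score": int(rule["risk_score"]),
            "risk_message": render_message(rule["risk_message"], result),
        })
    return events

if __name__ == "__main__":
    lookup = load_risk_lookup(RISK_LOOKUP_CSV)
    hit = {"use_case_ref": "UC-0001", "user": "jdoe", "src": "10.0.0.5"}
    for ev in generate_risk_events(hit, lookup):
        print(ev)
```

Changing a score or message for a use case then means editing one lookup row rather than every correlation search that references it.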