The value in the red box is an IP address rating. This is a numerical value that represents the risk associated with an IP address. The higher the value, the higher the risk. This value is calculated based on the number of security events associated with the IP address, the severity of those events, and the time since the last event. References:
Administering Splunk Enterprise Security
Splunk Enterprise security Admin
IP Intelligence
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit