Which data model populated the panels on the Risk Analysis dashboard?

The Risk Analysis dashboard in Splunk Enterprise Security is populated by the Risk data model. This data model is specifically designed to aggregate and analyze risk-related information, allowing security analysts to assess and visualize the risk levels associated with various entities, vulnerabilities, and incidents within the environment.

The Risk data model focuses on collating data from multiple sources to create a comprehensive risk score for assets, users, and incidents, enabling users to make informed decisions based on the risk exposure of their organization. Panels on the Risk Analysis dashboard display visualizations that derive from this data model, reflecting various risk metrics, trends, and relationships.

While other models such as Threat, Incident, and Asset provide vital contextual information within Splunk, they serve different purposes. The Threat model may analyze specific threats or vulnerabilities, the Incident model focuses on incidents within the environment, and the Asset model provides insights into the assets and their associated information. However, when it comes to assessing overall risk and populating the Risk Analysis dashboard, the Risk data model is the key contributor.