"Rba"
- Splunk Risk-Based Alerting: from alert per rule to score-aggregated notable. The RBA methodology in Splunk Enterprise Security: the three-layer risk score / modifier / notable model, step-by-step ES configuration, a tuning playbook (false positive / score inflation / threshold drift / decay), capacity cost, and integration with SOAR + case management