# Workflow-action stanzas (the settings used are those of Splunk's
# workflow_actions.conf). Every stanza defines a GET link that opens in a new
# window (link.target = blank). "eventtypes" limits each action to events
# tagged with that eventtype, which is why most actions exist twice: once for
# "notable" and once for "modrisk_results".
#
# NOTE(review): the value of the clicked field is substituted into link.uri.
# All tokens here use the $field$ form, which Splunk URL-encodes on
# substitution. Keep that form: user, src, dest and risk_object values come
# from event data, and the unescaped $!field$ form would let a crafted value
# alter the query string.

# --- Risk analysis drilldowns ------------------------------------------------
# These links are relative (../Splunk_Security_Essentials/...), so they stay on
# the same Splunk Web host and pass the field value as form.criteria.
# Presumably they require the Splunk_Security_Essentials app to be installed
# and readable by the user - confirm.

[sse_user_notable_risk_drilldown]
display_location = field_menu
fields = user
label = Analyze ES Risk for user $user$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$user$
type = link
eventtypes = notable

[sse_user_risk_risk_drilldown]
display_location = field_menu
fields = user
label = Analyze ES Risk for user $user$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$user$
type = link
eventtypes = modrisk_results

[sse_dest_notable_risk_drilldown]
display_location = field_menu
fields = dest
label = Analyze ES Risk for dest $dest$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$dest$
type = link
eventtypes = notable

[sse_dest_ip_notable_risk_drilldown]
display_location = field_menu
fields = dest_ip
label = Analyze ES Risk for dest_ip $dest_ip$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$dest_ip$
type = link
eventtypes = notable

[sse_dest_risk_risk_drilldown]
display_location = field_menu
fields = dest
label = Analyze ES Risk for dest $dest$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$dest$
type = link
eventtypes = modrisk_results

[sse_src_notable_risk_drilldown]
display_location = field_menu
fields = src
label = Analyze ES Risk for src $src$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$src$
type = link
eventtypes = notable

[sse_src_risk_risk_drilldown]
display_location = field_menu
fields = src
label = Analyze ES Risk for src $src$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$src$
type = link
eventtypes = modrisk_results

[sse_src_ip_notable_risk_drilldown]
display_location = field_menu
fields = src_ip
label = Analyze ES Risk for src_ip $src_ip$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$src_ip$
type = link
eventtypes = notable

# The only action with display_location = both: it is offered in the event
# actions menu as well as in the risk_object field menu.
[sse_risk_object_risk_risk_drilldown]
display_location = both
fields = risk_object
label = Analyze ES Risk for risk_object $risk_object$
link.method = get
link.target = blank
link.uri = ../Splunk_Security_Essentials/analyze_es_risk?form.criteria=$risk_object$
type = link
eventtypes = modrisk_results

# --- MITRE ATT&CK reference links --------------------------------------------
# These are the only actions that leave the Splunk host: the field value
# becomes a path segment on https://attack.mitre.org, so whatever the field
# holds is sent to that site in the request.
# NOTE(review): presumably mitre_technique / mitre_tactic hold ATT&CK IDs; a
# name or a multi-value field would produce a link that does not resolve -
# confirm against the searches that populate these fields.

[mitre_technique_drilldown_notable]
display_location = field_menu
fields = mitre_technique
label = View Technique on MITRE Website
link.method = get
link.target = blank
link.uri = https://attack.mitre.org/techniques/$mitre_technique$
type = link
eventtypes = notable

[mitre_technique_drilldown_modrisk]
display_location = field_menu
fields = mitre_technique
label = View Technique on MITRE Website
link.method = get
link.target = blank
link.uri = https://attack.mitre.org/techniques/$mitre_technique$
type = link
eventtypes = modrisk_results

[mitre_tactic_drilldown_notable]
display_location = field_menu
fields = mitre_tactic
label = View Tactic on MITRE Website
link.method = get
link.target = blank
link.uri = https://attack.mitre.org/tactics/$mitre_tactic$
type = link
eventtypes = notable

[mitre_tactic_drilldown_modrisk]
display_location = field_menu
fields = mitre_tactic
label = View Tactic on MITRE Website
link.method = get
link.target = blank
link.uri = https://attack.mitre.org/tactics/$mitre_tactic$
type = link
eventtypes = modrisk_results