Welcome to Splunk UBA 5.2.0
Splunk UBA 5.2.0 is a major release. See About Splunk User Behavior Analytics and release types for more information about the different types of Splunk UBA releases.
If you are new to Splunk UBA, review all the steps in the Splunk UBA installation checklist before installing Splunk UBA.
Planning to upgrade from an earlier version?
If you plan to upgrade to this version from an earlier version of Splunk UBA, read the following documents before you get started:
- See Upgrade Splunk UBA prerequisites and overview in the Install and Upgrade Splunk user Behavior Analytics manual for information you need to know before you upgrade.
- Splunk UBA requires incremental upgrades from earlier versions. See How to install or upgrade to this release of Splunk UBA in the Install and Upgrade Splunk User Behavior Analytics manual for upgrade path information.
What's new in 5.2.0
Splunk UBA version 5.2.0 includes the following features and changes:
Feature, enhancement, or change | Description |
---|---|
Operating System updates: | The 5.2.0 release provides the following operating system updates:
The 5.2.0 AMI package will be available shortly after GA for AWS environments. For more information, see Operating system requirements in the Install and Upgrade Splunk User Behavior Analytics manual. |
Bulk upload users to User Watchlists | You can now add users in bulk to a User Watchlist. See, Add bulk users to a User Watchlist. |
Allow/ Deny List improvement | You can now enter individual entries within the Allow/Deny by adding values using the Splunk UBA user interface. See, Add new entries to a deny list or allow list. |
Delete multiple threats of a certain type based on the score | The clean_threats.sh script can be used to clean up old threats. See, How to delete multiple threats of a certain type based on the score.
|
Malware Threat model re-enabled | The Hypergraph based Malware Threat Detection Model that was disabled in version 5.1.0 is re-enabled in version 5.2.0. |
Removal of biased language | As part of an ongoing process across releases, user-interface mentions of the terms "blacklist" and "whitelist" are changed as follows:
For more information, see Biased Language Has No Place in Tech |
Splunk UBA external dependencies
You can download a PDF file listing the external dependencies required to install Splunk UBA:
Do not independently upgrade the following UBA-dependent components to avoid impacting UBA operations:
docker
hadoop
hive
impala
influxdb
kafka
kubernetes
nodejs
openjdk
postgresql
protobuf
redis
spark
zookeeper
Known issues in Splunk UBA |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.2.0
Feedback submitted, thanks!