Send Splunk UBA data to Splunk Enterprise Security
To send data from Splunk UBA to Splunk Enterprise Security (ES), you must use the Splunk Add-on for Splunk UBA, which is provided with Splunk ES.
For Splunk UBA version 5.4.0 and higher, the Splunk ES account being used for UBA-ES integration must have the edit_token_http
capability.
For more information about how Splunk UBA and Splunk ES can be integrated, see How Splunk UBA sends and receives data from the Splunk platform in the Send and Receive Data from the Splunk Platform manual.
Replace Job Manager certificate with a third-party certificate | Send Splunk UBA threats to analysts using email |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.4.0, 5.4.1
Feedback submitted, thanks!