View behavioral analytics service detections and details
Use the Detections page to view details about the supported detections in behavioral analytics service. This page enables security analysts to examine a detection to determine the reason the detection was triggered and how best to respond. Security operations managers can view the key attributes for detections to understand the kind of anomalies being generated by the system, and map the anomalies to threat detection playbooks and priorities.
The listing of detections and their details can help you understand how behavioral analytics service works and find the detection rules most beneficial for your organization.
- Click Content in the Splunk Mission Control menu bar.
- If needed, click Behavioral Analytics to expand the category.
- Click Detections.
Click on a detection to view the detection details. For example, you can view the following information about any detection:
- The detection version, date, related analytics story, and what data is needed to trigger the detection.
- The related security framework mapping such as MITRE Technique, Cyber Kill Chain, CIS20, and NIST.
- The SPL used to find this detection.
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2