Splunk® Enterprise Security

Detect Unknown Threats with Behavioral Analytics Service

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

View behavioral analytics service detections and details

Use the Detections page to view details about the supported detections in behavioral analytics service. This page enables security analysts to examine a detection to determine the reason the detection was triggered and how best to respond. Security operations managers can view the key attributes for detections to understand the kind of anomalies being generated by the system, and map the anomalies to threat detection playbooks and priorities.

The listing of detections and their details can help you understand how behavioral analytics service works and find the detection rules most beneficial for your organization.

  1. Click Content in the Splunk Mission Control menu bar.
  2. If needed, click Behavioral Analytics to expand the category.
  3. Click Detections.

Click on a detection to view the detection details. For example, you can view the following information about any detection:

  • The detection version, date, related analytics story, and what data is needed to trigger the detection.
  • The related security framework mapping such as MITRE Technique, Cyber Kill Chain, CIS20, and NIST.
  • The SPL used to find this detection.
Last modified on 05 January, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2

