What's new in behavioral analytics service
Behavioral analytics service releases continuously. This list is periodically updated with the latest functionality and changes to behavioral analytics service.
March 15, 2022
The output from the behavioral analytics service is structured in the format of the Finding Report schema. This structured output prepares the findings from the behavioral analytics service to be sent into the risk-based alerting framework of Splunk Enterprise Security for further analysis. See Finding Reports event class.
November 17, 2021
Pivot from the entity timeline in behavioral analytics service to view contributing events in Splunk Mission Control with a single click. Analysts can quickly validate the raw events and promote events to notables with the fields retained for investigations. See Drill down to view entity details in behavioral analytics service.
November 10, 2021
This release supports six new detections. See Supported detections in behavioral analytics service.
October 15, 2021
This release enhances the Entity Details page to provide additional inline fields in the detection details, reducing the need to pivot. See Drill down to view entity details in behavioral analytics service.
September 29, 2021
This release provides the following features:
- The Entity Details page now includes a filter so that you can view only detection events, notable events, or scoring update events. See Drill down to view entity details in behavioral analytics service.
- An updated risk score normalization algorithm is implemented.
September 10, 2021
This release provides the following updates to the Entity Details page:
- Stylistic updates to align behavioral analytics service more closely with Splunk Mission Control.
- Added Show More and Show Previous controls to the list of detection events, notable events, and score update events.
- Made the graphical timeline collapsible to provide more area to view the list of events.
See Drill down to view entity details in behavioral analytics service.
September 8, 2021
The beta version of the behavioral analytics service documentation is disabled.
August 25, 2021
This release provides the following features:
- View a list of all detections supported in behavioral analytics service along with details for each detection. See View behavioral analytics service detections and details.
- The entity details page is enhanced to provide an accordion-style user experience that shows additional details for anomalies, notable events, and risk-based alerting (RBA) events. See Drill down to view entity details in behavioral analytics service.
August 4, 2021
This release adds support to show notable events and RBA events from Splunk ES on the entity details timeline in chronological order so that connections are made among disparate alerts, reducing time to threat discovery. See Drill down to view entity details in behavioral analytics service.
July 28, 2021
This release adds support to ingest notable events and RBA events from Splunk ES to behavioral analytics service. This means that any alert tuning you performed in Splunk ES is also reflected in the entity scores in behavioral analytics service. See How behavioral analytics service calculates risk scores.
June 17, 2021
This release provides the following features:
| Feature | Description |
|---|---|
| Entity Analytics dashboard | Quickly identify the riskiest users and devices in your environment, and also view a summary of all the detection activity happening in your environment. See Examine the riskiest entities and anomalies in the Entity Analytics dashboard. |
| Identity Resolution | Perform identity resolution on all events to associate each event with an originating user and device. See How behavioral analytics service performs identity resolution to associate data with entities. |
| Risk Scoring | Learn how behavioral analytics service calculates and assigns risk scores to users and devices in your environment. See How behavioral analytics service calculates risk scores. |
| Enrich events with asset and identities context | Enrich all events with asset and identities information from Splunk ES on Splunk Cloud Platform for high-quality identity resolution in behavioral analytics service. See How to import assets and identities data from Splunk ES on Splunk Cloud Platform into behavioral analytics service. |
| Operational logging | Proactively identify issues with your cloud deployment with application-level errors. Logging covers use cases from unsupported source types to field validation. See Search for event parsing errors from Splunk Mission Control. |
| Entity-Based Investigations | View an example of an entity-based investigation in behavioral analytics service. See Examine the riskiest entities and anomalies in the Entity Analytics dashboard. |
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0, 7.0.1, 7.0.2