Splunk® Enterprise Security

Use Splunk Enterprise Security


Use behavioral analytics service with Splunk Enterprise Security 7.1.0 or higher

If you have enabled Splunk Enterprise Security version 7.1 or higher, you can also provision behavioral analytics service on a tenant in Splunk Cloud Solutions.

Behavioral analytics service is a cloud-native analytics solution that helps investigative analysts uncover hidden threats. This service uses a near real-time analytics engine that integrates with Splunk Enterprise Security's risk-based alerting framework (RBA) to improve insider threat detection without adding to alert fatigue in your security operations center (SOC). It brings streaming analytics capabilities to the Splunk Cloud Platform environment and provides security visibility to uncover hidden and unknown threats that cannot be easily detected through searches.

For more information on prerequisites to enable behavioral analytics service with Splunk Enterprise Security, see How do I get behavioral analytics service?

What do I need to run behavioral analytics service?

Verify that you have the following in order to run behavioral analytics service:

  • Splunk Cloud stack on 9.0.2209 or later in the US East (Virginia) region
  • Splunk Enterprise Security version 7.1 or later
  • You are a Splunk Enterprise Security customer from the US East (Virginia) AWS region
  • You are a non-FedRAMP customer
  • You ingest supported data sources using Splunk Universal Forwarder
  • Your data ingestion volume is less than 4 TB

Behavioral analytics service is not available in the following compliant environments:

  • FedRAMP Moderate
  • IL5
  • IRAP

The behavioral analytics service for Splunk Enterprise Security is not available to on-prem users.

How do I get behavioral analytics service?

To get access to behavioral analytics service, you need Splunk Enterprise Security. Behavioral analytics service ingests asset and identity data from Splunk Enterprise Security in Splunk Cloud Platform for optimal identity resolution.

Last modified on 17 February, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.1.0

