Splunk® Enterprise Security

Use Splunk Enterprise Security

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Use behavioral analytics service with Splunk Enterprise Security 7.1.0 or higher

This topic applies only to customers on the Splunk Cloud platform.

If you have enabled Splunk Enterprise Security version 7.1 or higher, you can also provision behavioral analytics service on a tenant in Splunk Cloud Solutions.

Behavioral analytics service is a cloud-native analytics solution that streams data from your platform to a shared service for processing and helps investigative analysts uncover hidden threats. This service uses a near real-time analytics engine that integrates with the risk-based alerting (RBA) framework in Splunk Enterprise Security to improve insider threat detection without adding to alert fatigue in your security operations center (SOC). It brings streaming analytics capabilities to the Splunk Cloud Platform environment and provides security visibility to uncover hidden and unknown threats that cannot be easily detected through searches.

For more information on prerequisites to enable behavioral analytics service with Splunk Enterprise Security, see How do I get behavioral analytics service?

What do I need to run behavioral analytics service?

Verify that you meet the following requirements to run behavioral analytics service:

  • Your Splunk Cloud stack is on 9.0.2209 or later in the US East (Virginia) region
  • You have Splunk Enterprise Security version 7.1 or later
  • You are a Splunk Enterprise Security customer from the US East (Virginia) AWS region
  • You are a non-FedRAMP customer
  • Your data ingestion volume is less than 4 TB

Behavioral analytics service is not available in the following compliant environments:

  • FedRAMP Moderate
  • IL5
  • IRAP

The behavioral analytics service for Splunk Enterprise Security is not available to on-premises users.

How do I get behavioral analytics service?

To get access to behavioral analytics service, you need Splunk Enterprise Security. Behavioral analytics service ingests asset and identity data from Splunk Enterprise Security in Splunk Cloud Platform for optimal identity resolution.

Last modified on 21 December, 2023

This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.0, 7.3.1, 7.3.2

