Splunk® Enterprise Security

Use Splunk Enterprise Security

Use behavioral analytics service with Splunk Enterprise Security 7.1.0 or higher

This topic applies only to customers on the Splunk Cloud platform.

If you have enabled Splunk Enterprise Security version 7.1 or higher, you can also provision behavioral analytics service on a tenant in Splunk Cloud Solutions.

Behavioral analytics service is a cloud-native analytics solution that streams data from your platform to a shared service for processing and helps investigative analysts uncover hidden threats. This service uses a near real-time analytics engine that integrates with Splunk Enterprise Security's risk-based alerting framework (RBA) to improve insider threat detection without adding to alert fatigue in your security operations center (SOC). It brings streaming analytics capabilities to the Splunk Cloud Platform environment and provides security visibility to uncover hidden and unknown threats that cannot be easily detected through searches.

For more information on prerequisites to enable behavioral analytics service with Splunk Enterprise Security, see How do I get behavioral analytics service?

What do I need to run behavioral analytics service?

Verify that you have the following in order to run behavioral analytics service:

  • Splunk Cloud stack on 9.0.2209 or later in the US East (Virginia) region
  • Splunk Enterprise Security version 7.1 or later
  • You are a Splunk Enterprise Security customer from the US East (Virginia) AWS region
  • You are a non-FedRamp customer
  • Your data ingestion volume is less than 4 TB

Behavioral analytics service is not available in the following compliant environments:

  • FedRAMP Moderate
  • IL5
  • IRAP

The behavioral analytics service for Splunk Enterprise Security is not available to on-prem users.

How do I get behavioral analytics service?

To get access to behavioral analytics service, you need Splunk Enterprise Security. Behavioral analytics service ingests asset and identity data from Splunk Enterprise Security in Splunk Cloud Platform for optimal identity resolution.

Last modified on 05 September, 2024
Get started with Splunk Enterprise Security   Turn on behavioral analytics service on Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters