Splunk® App for Fraud Analytics

User Guide

Overview of the Splunk App for Fraud Analytics

Use the Splunk App for Fraud Analytics to view high-fidelity, actionable fraud alerts related to account takeovers and new account fraud. You can display the fraud-related alerts within the Incident Review panel of Splunk Enterprise Security. You can also drill down from fraud notables in the Incident Review panel into the fraud analysis dashboards of the app to investigate the suspected fraud.

The Splunk App for Fraud Analytics leverages the risk-based alerting (RBA) framework of Splunk Enterprise Security. Use this app to get started with RBA if you do not have prior knowledge of SPL. The app includes default correlation searches and dashboards that let you triage notables and thereby reduce false positives.

The app normalizes data sources by using macros and data models that the searches on the Splunk platform use to detect fraud. You can adjust the macros and use field aliases for your data sources so that the data matches the field names in the data models accurately. The correlation searches included in this app search the data models and run one or more adaptive response actions when they detect fraud.

Searches that run risk-based adaptive response actions are named "RR-Fraud". They create risk events with risk scores in the risk index. The risk object is the user, which is the entity the app protects from fraud.

Searches that run notable-based adaptive response actions are named "Notable-Fraud". They create notable events in the notable index. A high-risk, notable-based correlation search can also write to the risk index by using a risk-based adaptive response action.
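The following is an added example, not code from the Splunk App for Fraud Analytics, that models the risk-based alerting flow described above in Python: "RR-Fraud"-style detections write risk events keyed on the user as risk object, a summary step sums the scores per user over a time window, and a notable is raised only when the total crosses a threshold and more than one distinct detection contributed. The risk field names (risk_object, risk_object_type, risk_score, risk_message, source) follow the Splunk Enterprise Security risk index; the threshold, window, detection names and sample events are assumptions made for the illustration.

```python
"""Model of risk-based alerting (RBA) aggregation.

Constructed example; not the app's own correlation searches.
Field names follow the ES risk index; tuning values and sample
events below are assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed tuning: a user becomes a notable when the summed risk score inside
# the window reaches RISK_THRESHOLD and at least MIN_DISTINCT_SOURCES different
# detections contributed. The second condition is what cuts single-rule noise.
RISK_THRESHOLD = 100
MIN_DISTINCT_SOURCES = 2
WINDOW_SECONDS = 24 * 3600


@dataclass
class RiskEvent:
    time: int              # epoch seconds
    risk_object: str       # the user being protected
    risk_object_type: str  # "user" for this app
    risk_score: int
    risk_message: str
    source: str            # name of the correlation search that fired


@dataclass
class Notable:
    risk_object: str
    total_score: int
    sources: list = field(default_factory=list)


def risk_events_in_window(events, now, window=WINDOW_SECONDS):
    """Keep only risk events that fall inside (now - window, now]."""
    return [e for e in events if now - window < e.time <= now]


def aggregate_risk(events, now, window=WINDOW_SECONDS):
    """Sum risk per (type, object) and collect contributing detections."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for e in risk_events_in_window(events, now, window):
        key = (e.risk_object_type, e.risk_object)
        totals[key] += e.risk_score
        sources[key].add(e.source)
    return totals, sources


def build_notables(events, now, threshold=RISK_THRESHOLD,
                   min_sources=MIN_DISTINCT_SOURCES):
    """Raise a notable per user whose windowed score and source diversity qualify."""
    totals, sources = aggregate_risk(events, now)
    notables = []
    for key, score in totals.items():
        if score >= threshold and len(sources[key]) >= min_sources:
            notables.append(Notable(key[1], score, sorted(sources[key])))
    return notables


def notable_fraud_with_risk(event_time, user, message, source, score):
    """A 'Notable-Fraud'-style search: emit a notable and also a risk event."""
    notable = Notable(user, score, [source])
    risk = RiskEvent(event_time, user, "user", score, message, source)
    return notable, risk


# Constructed sample risk events (assumed detection names and scores).
NOW = 100_000
SAMPLE_EVENTS = [
    # alice: three different detections inside the window -> notable
    RiskEvent(20_000, "alice", "user", 30, "login from new device", "RR-Fraud - New device"),
    RiskEvent(30_000, "alice", "user", 40, "password reset", "RR-Fraud - Password reset"),
    RiskEvent(40_000, "alice", "user", 50, "new payee added", "RR-Fraud - New payee"),
    # bob: same detection four times; score qualifies, diversity does not
    RiskEvent(50_000, "bob", "user", 30, "login from new device", "RR-Fraud - New device"),
    RiskEvent(51_000, "bob", "user", 30, "login from new device", "RR-Fraud - New device"),
    RiskEvent(52_000, "bob", "user", 30, "login from new device", "RR-Fraud - New device"),
    RiskEvent(53_000, "bob", "user", 30, "login from new device", "RR-Fraud - New device"),
    # carol: a large old event outside the window plus one small recent one
    RiskEvent(1_000, "carol", "user", 200, "bulk transfer", "RR-Fraud - Bulk transfer"),
    RiskEvent(60_000, "carol", "user", 20, "profile change", "RR-Fraud - Profile change"),
]


if __name__ == "__main__":
    for n in build_notables(SAMPLE_EVENTS, NOW):
        print(f"NOTABLE user={n.risk_object} score={n.total_score} sources={n.sources}")
```

Running the block raises one notable, for alice, even though bob reaches the same total score, because his score comes from a single detection; carol's older event falls outside the window and is ignored.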

For more information, see also:

If you need assistance troubleshooting the Splunk App for Fraud Analytics, contact the Splunk Support Portal. If you need assistance customizing the app, contact your account team. The app does not include test data, but you can download and install test data from Splunkbase. The test data can use up to 7 GB of storage space and takes approximately 10-30 minutes to initialize.

Last modified on 13 December, 2022

This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3, 1.2.4

