Configure inputs for the Splunk add-on for Splunk UBA
Setting up the Splunk add-on for Splunk UBA configures inputs for the Splunk add-on for Splunk UBA.
Data sent | Index | Details |
---|---|---|
Anomaly and threat data sent from Splunk UBA to the Splunk platform | ueba | Modeled by the UEBA data model. |
Audit events sent from Splunk UBA to the Splunk platform | _audit | Added to the Splunk _audit index. |
From the Splunk platform to Splunk UBA | ubaroute | Sent using syslog. |
See Integrate Splunk Enterprise Security and Splunk UBA with this add-on.
PREVIOUS Set up the Splunk add-on for Splunk UBA |
NEXT Integrate Splunk Enterprise Security and Splunk UBA with this add-on |
This documentation applies to the following versions of Splunk® Add-on for Splunk UBA: 1.2.0, 1.3.0
Feedback submitted, thanks!