This documentation does not apply to the most recent version of Splunk® Add-on for Splunk UBA.
For documentation on the most recent version, go to the latest release.
Source type for the Splunk add-on for Splunk UBA
The Splunk add-on for Splunk UBA includes the ueba sourcetype. This add-on also includes two indexes: ueba and ubaroute.
Source type | Collection method | CIM compliance |
---|---|---|
ueba | TCP | None. This data maps to the UEBA data model included with Enterprise Security. |
uba_audit | TCP | None. |
Last modified on 14 August, 2018
This documentation applies to the following versions of Splunk® Add-on for Splunk UBA: 1.2.0, 1.3.0