Send notable events from Splunk Enterprise Security to Splunk UBA
You can send notable events from Splunk Enterprise Security (ES) to Splunk UBA to be processed for anomalies. You can use Splunk UBA to generate threats from the correlation search anomalies.
For more information, see "How Splunk UBA sends and receives data from the Splunk platform" in Send and Receive Data from the Splunk Platform.
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0