Investigate threats as a security analyst
As an analyst in a Security Operations Center (SOC), use Splunk User Behavior Analytics (UBA) to review and investigate the threats in your environment.
- Review current threats in your environment on Threat Review. Review current threats.
- Understand the specific actors in a threat by reviewing the Threat Details.
- Review the anomalies that contributed to the threat in the Anomaly Details.
- Learn more about the users involved in the threat on the User Information page. View user information
- Review users with threats on User Review. Review current user activity.
Peer groups in Splunk UBA
Review current threats
This documentation applies to the following versions of Splunk® User Behavior Analytics: 2.4.0, 3.0.0, 3.0.1, 3.0.2, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 5.0.0, 5.0.1, 5.0.2