Splunk® User Behavior Analytics

Use Splunk User Behavior Analytics

Download manual as PDF

Download topic as PDF

Investigate suspicious activity as a hunter

A hunter investigates suspicious user activity based on data loss prevention alarms and anomalies.

  1. Review current anomalies identified in your environment on the Anomalies Table. Review anomalies on the anomalies table.
  2. Dig deeper into suspicious users on the Users Table. See all users on the user table.
  3. Save filters and create a Custom Dashboard with organization-specific views to monitor suspicious activity. Create a custom dashboard.
Last modified on 18 October, 2019
PREVIOUS
Investigate threats from Splunk UBA using Splunk Enterprise Security
  NEXT
Review anomalies on the anomalies table

This documentation applies to the following versions of Splunk® User Behavior Analytics: 2.4.0, 3.0.0, 3.0.1, 3.0.2, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 5.0.0, 5.0.1, 5.0.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters