Splunk® User Behavior Analytics

Use Splunk User Behavior Analytics

Download manual as PDF

Download topic as PDF

Investigate threats as a security analyst

As an analyst in a Security Operations Center (SOC), use Splunk User Behavior Analytics (UBA) to review and investigate the threats in your environment.

  1. Review current threats in your environment on Threat Review. Review current threats.
  2. Understand the specific actors in a threat by reviewing the Threat Details.
  3. Review the anomalies that contributed to the threat in the Anomaly Details.
  4. Learn more about the users involved in the threat on the User Information page. View user information
  5. Review users with threats on User Review. Review current user activity.
Last modified on 18 October, 2019
PREVIOUS
Peer groups in Splunk UBA
  NEXT
Review current threats

This documentation applies to the following versions of Splunk® User Behavior Analytics: 2.4.0, 3.0.0, 3.0.1, 3.0.2, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 5.0.0, 5.0.1, 5.0.2, 5.0.3


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters