Set up Splunk UBA to send user and device association data to Splunk ES
Set up Splunk User Behavior Analytics (UBA) to send user and device association data to Splunk Enterprise Security (ES). User and device association data from Splunk UBA is visible on the Session Center dashboard in Splunk ES. See Session Center dashboard in the Use Splunk Enterprise Security manual.
- Log in to the Splunk UBA management server as the caspida user using SSH.
- Open the
- Edit or create the
identity.resolution.export.enabledsetting and set it to
- Restart the Splunk UBA web interface service for the changes to take effect.
sudo service caspida-ui stop sudo service caspida-ui start
Pull notable events from Splunk ES to Splunk UBA
Send Splunk UBA audit events to Splunk ES
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 22.214.171.124, 5.0.5, 126.96.36.199, 5.1.0