Investigate suspicious activity as a hunter
A hunter investigates suspicious user activity based on data loss prevention alarms and anomalies.
- Review current anomalies identified in your environment on the Anomalies Table. Review anomalies on the anomalies table.
- Dig deeper into suspicious users on the Users Table. See all users on the user table.
- Save filters and create a Custom Dashboard with organization-specific views to monitor suspicious activity. Create a custom dashboard.
Investigate and monitor domains
Review anomalies on the anomalies table
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 184.108.40.206, 5.0.5, 220.127.116.11