Investigate suspicious activity as a hunter
A hunter investigates suspicious user activity based on data loss prevention alarms and anomalies.
- Review current anomalies identified in your environment on the Anomalies Table. Review anomalies on the anomalies table.
- Dig deeper into suspicious users on the Users Table. See all users on the user table.
- Save filters and create a Custom Dashboard with organization-specific views to monitor suspicious activity. Create a custom dashboard.
Investigate and monitor domains | Review anomalies on the anomalies table |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1
Feedback submitted, thanks!