Splunk® User Behavior Analytics

Use Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Search for entities, anomalies, and threats in Splunk UBA

You can use the Search field on any page in Splunk UBA to help find entities, anomalies, and threats. For example:

  • Search for a specific user in the Users Table.
  • Search for a specific device in the Devices Table.
  • Search for a specific app in the Apps Table.
  • Search for a specific anomaly by description or summary in the Anomalies Table.
  • Search for a specific threat by description of summary in the Threats Table.
  • Search for any anomaly or threat that includes a specific user, account, device, app, or domain.
  • Search for any entity, anomaly, or threat when creating an anomaly action rule.

Searches for anomalies, threats, users, accounts, apps, or domains are case-insensitive.

Searches for device names are case-sensitive.

Last modified on 20 April, 2021
PREVIOUS
Change user profile settings in Splunk UBA 		  NEXT
Review threats and anomalies in your environment

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters