Send notable events from Splunk Enterprise Security to Splunk UBA
You can send notable events from Splunk Enterprise Security (ES) to Splunk UBA to be processed for anomalies. You can use Splunk UBA to generate threats from the correlation search anomalies.
See How Splunk UBA sends and receives data from the Splunk platform in the Send and Receive Data from the Splunk Platform manual for more information.
Splunk UBA category to Splunk CIM field mapping reference
Configure PowerShell logging to see PowerShell anomalies in Splunk UBA
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 184.108.40.206, 5.0.5, 220.127.116.11