Search for entities, anomalies, and threats in Splunk UBA
You can use the Search field on any page in Splunk UBA to help find entities, anomalies, and threats. See the following examples of searches you can perform:
- Search for a specific user in the Users Table.
- Search for a specific device in the Devices Table.
- Search for a specific app in the Apps Table.
- Search for a specific anomaly by description or summary in the Anomalies Table.
- Search for a specific threat by description of summary in the Threats Table.
- Search for any anomaly or threat that includes a specific user, account, device, app, or domain.
- Search for any entity, anomaly, or threat when creating an anomaly action rule.
Searches for anomalies, threats, users, accounts, apps, or domains are not case-sensitive. Searches for device names are case-sensitive.
Change user profile settings in Splunk UBA
Review threats and anomalies in your environment
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 220.127.116.11, 5.0.5, 18.104.22.168, 5.1.0, 22.214.171.124, 5.2.0
Feedback submitted, thanks!