Investigate suspicious activity as a hunter
A hunter investigates suspicious user activity based on data loss prevention alarms and anomalies. You can take the following actions to investigate suspicious user activity in Splunk UBA:
- Review current anomalies identified in your environment on the Anomalies Table. See, Review anomalies on the anomalies table.
- Dig deeper into suspicious users on the Users Table. See, See all users on the user table.
- Save filters and create a Custom Dashboard with organization-specific views to monitor suspicious activity. See, Create a custom dashboard.
Investigate and monitor domains | Review anomalies on the anomalies table |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1
Feedback submitted, thanks!