Splunk® User Behavior Analytics

Send and Receive Data from the Splunk Platform

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Integrate Splunk ES and Splunk UBA with the Splunk Add-on for Splunk UBA

Use the Splunk Add-on for Splunk UBA to integrate Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA).

The Splunk Add-on for UBA is not available for download on Splunkbase. The add-on is installed by default with Splunk Enterprise Security (ES). See How do I obtain the Splunk Add-on for Splunk UBA?

You can integrate Splunk UBA and Splunk ES to share the following types of data:

For more information, see Viewing data from Splunk UBA in Enterprise Security in Use Splunk Enterprise Security.

Use Splunk ES to close or reopen notable events in order to have the corresponding threats also be closed or reopened in Splunk UBA. Do not close or reopen threats in Splunk UBA.

For instructions on how to send events from Splunk UBA to Splunk Enterprise without using Splunk ES, see Send Splunk UBA data to Splunk Enterprise without Splunk Enterprise Security in Administer Splunk User Behavior Analytics.

Last modified on 12 April, 2024
Deploy the Splunk Add-on for Splunk UBA   Send Splunk UBA anomalies and threats to Splunk ES as notable events

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters