Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Splunk UBA installation checklist

Install Splunk UBA with assistance from Splunk Professional Services.

You can unify your security operations lifecycle by using Splunk Enterprise Security (ES) in conjunction with Splunk UBA. The combined solution provides a centralized view that can help SOC teams quickly respond to prioritized, high-fidelity threats. See, Splunk for Advanced Analytics and Threat Detection.

Checklist of tasks to install Splunk UBA

Use this checklist if you are a new Splunk UBA customer installing a Splunk UBA platform release for the first time. See About Splunk User Behavior Analytics and release types for information about how to determine if your Splunk UBA release is a platform release.

If you are an existing customer and want to upgrade to a more recent version of Splunk UBA, see How to install or upgrade to this release of Splunk UBA for upgrade instructions.

Perform all tasks in the table in the order that they are listed.

Number Task Description Documentation
1 Review known issues Review the known issues reported in this Splunk UBA release. See Known issues in Splunk UBA in the Splunk User Behavior Analytics Release Notes.
2 Verify sizing You can install Splunk UBA in a single-server deployment or in a distributed deployment. All servers must meet the system requirements. Verify that the planned architecture of the system meets the requirements for the desired EPS and number of accounts, devices, and data sources. See Scaling your Splunk UBA deployment in the Plan and Scale your Splunk UBA Deployment manual.
3 Verify hardware requirements Verify hardware requirements such as the minimum IOPS of the storage subsystem, and the disk space and RAM on all nodes. See Hardware requirements.
4 Verify operating system requirements Verify that your system is running a supported operating system. Automatic OS updating must be turned off on all nodes.

Installing Splunk UBA on hardened operating systems is not supported.

See Operating system requirements.
5 Verify permissions Verify that you are able to log in to each node and that root account permissions exist. See User access requirements.
6 Verify networking requirements Verify networking requirements such as node connectivity, port availability, IP address assignments, and DNS configuration.

Hadoop ports changed for Splunk UBA version 5.1.0 and higher. See Networking requirements to verify Hadoop port information before upgrading.

See Networking requirements.
7 Configure host name lookup and DNS Configure the host name lookup and DNS settings in your environment so that all Splunk UBA nodes can communicate with each other. See Configure host name lookup and DNS.
8 Verify Splunk platform user account requirements A properly configured Splunk user account is required to send data from the Splunk platform to Splunk UBA. See Requirements for connecting to and getting data from the Splunk platform.
9 Install Splunk UBA Perform any remaining platform-specific tasks that are needed, and then download and install the Splunk UBA software and perform the installation. See Install Splunk User Behavior Analytics.
10 Verify the installation Open a supported web browser and log in to the public IP address with admin credentials to confirm a successful installation. See Verify successful installation.

Next steps after installing Splunk UBA

Perform the tasks summarized in the table after Splunk UBA is successfully installed.

Number Task Description Documentation
1 Secure the default account Change the password for the default admin account, and optionally restrict sudo access. See Secure the default account after installing Splunk UBA.
2 Configure Splunk UBA Perform additional tasks to configure Splunk UBA:
  1. Perform the tasks in Configure Splunk UBA.
  2. Upload a license file. See License Splunk UBA.
  3. Manage your Splunk UBA certificates. See Request and add a new certificate to Splunk UBA to access the Splunk UBA web interface.
3 Administer Splunk UBA Administer user accounts and monitor the health of your deployment.
  1. Configure user accounts and authentication. See Manage user accounts and account roles in Splunk UBA in the Administer Splunk User Behavior Analytics manual.
  2. Verify that Splunk UBA is running normally. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavior Analytics manual.
4 Add data to Splunk UBA After Splunk UBA is installed and configured, add human resources (HR) data and assets data from the Splunk platform as your first data sources. See Which data sources do I need? in the Get Data into Splunk User Behavior Analytics manual.
Last modified on 30 August, 2024
How to install or upgrade to this release of Splunk UBA   System requirements for Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters