Search for entities, anomalies, and threats in Splunk UBA
You can use the Search field on any page in Splunk UBA to help find entities, anomalies, and threats. For example:
- Search for a specific user in the Users Table.
- Search for a specific device in the Devices Table.
- Search for a specific app in the Apps Table.
- Search for a specific anomaly by description or summary in the Anomalies Table.
- Search for a specific threat by description of summary in the Threats Table.
- Search for any anomaly or threat that includes a specific user, account, device, app, or domain.
- Search for any entity, anomaly, or threat when creating an anomaly action rule.
Searches for anomalies, threats, users, accounts, apps, or domains are case-insensitive.
Searches for device names are case-sensitive.
Change user profile settings in Splunk UBA
Review threats and anomalies in your environment
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 22.214.171.124, 5.0.5, 126.96.36.199, 5.1.0