Splunk Behavior Analytics, or User Behavior Analytics (UBA), is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. Its data science driven approach delivers actionable results with risk ratings and supporting evidence, augmenting SOC analysts' existing techniques.
- Detects insider threats using out-of-the-box, purpose-built but extensible unsupervised ML (machine learning) algorithms.
- Provides context around the threat via machine learning driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle.
- Increases SOC efficiency with rank-ordered threats along with supporting evidence.
- Supports bi-directional integration with Splunk Enterprise for data ingestion and correlation, and with Splunk Enterprise Security for workflow management, incident scoping and automated response.
Splunk Behavior Analytics or User Behavior Analytics (UBA) uses behavior modeling, peer-group analysis, and other machine learning techniques to uncover the known, unknown, and hidden threats in your environment. UBA automatically detects anomalous behavior from devices, users, and applications, combining those patterns into specific, actionable threats.
Detects unknown anomalous behavior and threats using machine learning:
- Advanced Threat Detection
Discover the abnormalities and unknown threats that traditional security tools miss.
- Higher Productivity
Automate the analysis of hundreds of anomalies into a single threat to simplify a security analyst’s life.
- Accelerate Threat Hunting
Use investigative capabilities and powerful behavior baselines on any anomaly, entity, or threat.
Splunk Behavior Analytics Capabilities
Automatically find unknown threats using machine learning
- Enhance Visibility and Detection
Automate threat detection using ML so analysts can spend their time on higher-fidelity, behavior-based alerts for quick review and resolution.
- Accelerate Threat Hunting
Rapidly identify anomalous entities without human analysis, using a rich set of anomaly types (65+) and threat classifications (25+) across accounts, users, devices and applications.
- Augment SOC Resources
Automatically consolidates hundreds of anomalies observed across multiple entities (accounts, users, devices and applications) into a single threat for faster action.
- Better Together: Splunk ES and Splunk UBA
By combining Splunk Enterprise Security and Splunk UBA, organizations get the maximum value from both human- and machine-driven analysis when detecting and resolving threats and anomalies.
Splunk UBA Releases
- Platform releases
Platform releases contain significant new enhancements and features, such as new rules and threat models, or new products.
- Content releases
Content releases consist of a longer list of fixed issues, and may also include minor product enhancements such as updates to rules or threat models. These releases are identified by a three-digit release number that does not end in a zero.
- Maintenance releases
Maintenance releases contain a longer list of known bug fixes, issues, and minor feature additions or enhancements. These releases are identified by a three-digit release number that does not end in a zero.
- Patch releases
A patch release addresses five critical or highly urgent issues that must be fixed within a short window of time. Patch releases can be easily identified by a four-digit release number.