Splunk User Behavior Analytics (UBA) is built on a big data platform (Hadoop) that scales horizontally and analyzes the behavior of hundreds of thousands of users, devices and applications. It processes data generated from various technologies (network, endpoint, identity, cloud, and applications) to identify anomalous behavior, and stitches applicable anomalies into threat(s) using its multi-pass machine learning architecture.
Splunk UBA visualizes the threat over a kill chain, thereby providing contextual awareness, along with supporting evidence, for SOC analysts to consume.
Splunk UBA provides organizations the ability to:
• Enhance the detection footprint by using a behavior-centric approach
• Augment SOC analysts by automatically stitching hundreds of anomalies into a single threat
• Provide enhanced context by visualizing the threat across multiple phases of an attack
For more information, see the Splunk UBA Home Page and the Splunk User Behavior Analytics Documentation.