Splunk User Behavior Analytics (UBA) focuses on tracking user behaviors, with devices and applications as the primary entities. UBA aggregates ingested events, storing them in a scalable "analytics" store to reduce raw events. The aggregation granularity and retention period are configurable. UBA uses unsupervised machine learning to profile normal behavior for each identity and asset, and then looks for unusual behavior patterns across those identities and assets. To help ensure your analysts are able to focus on critical threats that pose the greatest risk to the organization, once UBA identifies anomalies, it again uses machine learning models and looks for unusual patterns in the captured anomalies. These anomalies indicate a High Fidelity Threat.

UBA models generate anomalies, threats, or indicators of compromise. Anomalies are generated by the streaming models, batch models, and anomaly rules. Anomalies provide you with threat evidence. Threats in UBA are what you can base your act...