Splunk User Behavior Analytics

Safeguard your organization from unidentified threats using Splunk User Behavior Analytics, which focuses on user and entity behavior.

Splunk User Behavior Analytics
How it works

Leverage machine learning to identify threats and detect abnormal behavior effectively.

Advanced threat detection

Uncover anomalies and unidentified threats that conventional security tools overlook.

Accelerate threat hunting

Leverage advanced investigative capabilities and robust behavior baselines to analyze entities, anomalies, and threats in depth.

Boost productivity

Automate the consolidation of numerous anomalies into a single threat, streamlining incident investigations.


Discover unknown threats using machine learning

Elevate visibility and enhance detection capabilities to identify both known and unknown cyberattacks, as well as hidden threats and insider activity.

Streamlined threat workflow

Streamline the review and resolution process by reducing billions of raw events to a concise set of tens of threats. Leverage machine learning algorithms to uncover hidden threats without the need for extensive human analysis.

Threat review and exploration

Gain valuable context by visualizing threats across the kill chain. Anomalies are intelligently connected across users, accounts, devices, and applications, enabling you to easily identify attack patterns and visualize the complete picture of the threat landscape.

User feedback learning

Tailor anomaly models to align with your organization’s unique processes, policies, assets, user roles, and functions. Customize the models to fit your specific requirements and receive detailed feedback to enhance confidence in threat severity and detection. This customization empowers you to fine-tune the system according to your organization’s needs and improve the overall effectiveness of anomaly detection.

Kill chain detection and attack vector discovery

Identify instances of malware spreading laterally or the proliferation of malicious insiders. Detect behavior-based anomalies that indicate irregularities and pinpoint activities related to botnets or command-and-control (C&C) operations. By leveraging behavior-based detection techniques, you can effectively identify and respond to threats associated with the movement of malware or insider threats, as well as activities related to botnets or C&C infrastructure.