
Can you process incoming email from an email security appliance in the UBA?

packet_hunter
Contributor

Phishing emails often attempt to masquerade as legit senders or common expected senders (typo-squatting).

Does anyone know if the UBA can process email headers and trigger a Whois Lookup to check creation date, Geo location, etc. for phishy uncommon emails/sender domains?

0 Karma
1 Solution

David
Splunk Employee

UBA can ingest email data, and uses it for a variety of use cases. This one in particular, I'm not actually sure whether it is done by UBA, but if we can chat offline about your use cases. That said, the descriptions that you're talking about can definitely be done with Core Splunk or ES very easily -- if you (or anyone you work with) have that data in Splunk already then you can happily leverage that today.


0 Karma


packet_hunter
Contributor

David, thank you for the reply.

Please advise regarding how I can "chat offline" with you.

I agree that Core / ES could do this as well, but I was wondering if UBA had a better pattern / decision engine.

Can you provide a brief description of the requirements for ES and Core to do this? I imagine you need SMTP headers and proxy logs?

Thank you

0 Karma
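
The check asked about in this thread, written out in Python as an added example; it is not from the original posts and is not Splunk, ES or UBA code. The expected-sender list, the registration dates standing in for a WHOIS lookup, the thresholds and the sample messages are all constructed assumptions.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: expected senders, and registration dates that stand
# in for the result of a WHOIS lookup (no network access is made here).
EXPECTED = {"example.com", "payroll-example.com"}
WHOIS_CREATED = {"examp1e.com": date(2024, 5, 28),
                 "example.com": date(1995, 8, 14),
                 "partner.test": date(2010, 3, 2)}
SAMPLES = [  # constructed messages
    "From: Payroll <hr@examp1e.com>\nSubject: Update your details\n\nbody",
    "From: Alice <alice@example.com>\nSubject: Minutes\n\nbody",
    "From: Bob <bob@partner.test>\nSubject: Invoice\n\nbody",
]

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(raw):
    """Lower-cased domain of the From: header address ('' if no From)."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()

def assess(raw, today, max_dist=2, young_days=30):
    """Return (domain, reasons); an empty reasons list means nothing flagged."""
    domain, reasons = sender_domain(raw), []
    if domain and domain not in EXPECTED:
        near = sorted(d for d in EXPECTED if edit_distance(domain, d) <= max_dist)
        if near:
            reasons.append("lookalike of " + near[0])
        created = WHOIS_CREATED.get(domain)
        if created is None:
            reasons.append("no registration date")
        elif (today - created).days < young_days:
            reasons.append("registered %d days ago" % (today - created).days)
    return domain, reasons

if __name__ == "__main__":
    for msg in SAMPLES:
        print(assess(msg, today=date(2024, 6, 10)))
```

The From: header is sender-controlled display data, so the same check is worth running on the envelope sender and Reply-To fields when the appliance logs them.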