All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Learning Splunk to perform UBA

tanyongjin
Explorer
‎05-09-2017 08:42 AM

Hi,

I am new to Splunk and I am interested to pick up how to perform UBA in Splunk to derive insights from data.

Where can I get started to learn Splunk and techniques for UBA?

How long does it take for an average individual to be proficient at Splunk?

Thanks!

0 Karma
Reply

emmao
New Member
‎02-12-2020 08:37 AM

How many data sources are set up in UBA?

0 Karma
Reply

smoir_splunk
Splunk Employee
Splunk Employee
‎05-09-2017 12:58 PM

If you want to perform UBA without purchasing the UBA app, you can download @David's app Splunk Security Essentials: https://splunkbase.splunk.com/app/3435/

It walks you through the different UBA use cases that you might want to explore, and how to do those in Splunk Enterprise/Cloud or if you would need to use the Splunk User Behavior Analytics product to address those use cases. As Chris mentioned, contacting sales is a great place to start.

Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-09-2017 08:54 AM

Splunk User Behavior Analytics is a separate product from Splunk Enterprise. It integrates with Splunk Enterprise Security so that you can investigate event data indexed in Splunk Enterprise Security and analyze notable events.

See the Splunk User Behavior Analytics documentation to get a better sense of what is involved in the software.

Your more general questions are...too general to answer well. It depends what kind of proficiency you are talking about, what your environment is like, and what your use cases are.

There are other Splunk Answers posts that suggest the best ways to come up to speed quickly. See Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)? as one place to start.

Reply

tanyongjin
Explorer
‎05-09-2017 09:44 AM

Hi,

So can techniques used in UBA be applied in data from Splunk Enterprise to create any insights?

Since Splunk UBA is a totally different program. The pricing would be very different from Splunk, does it offer free trials?

Thank you.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-09-2017 09:50 AM

I don't think there are free trials for UBA. You should definitely contact Sales to see what they can do for you. They are probably well-positioned to handle some of your general use case questions, too.

0 Karma
Reply

tanyongjin
Explorer
‎05-09-2017 09:59 AM

Maybe I will write in and see how it goes. Splunk UBA could now be an overkill for me.

For now I would just like to focus on being proficient in Splunk Enterprise enough to draw insights from data which explains access behaviour. So I will be visiting the link you provided.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-09-2017 12:47 PM

Maybe take a look at this walkthrough of how to build a dashboard for failed logins in the documentation. That might be interesting for you.

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...