Hi,
I am new to Splunk and I am interested in picking up how to perform UBA in Splunk to derive insights from data.
Where can I get started to learn Splunk and techniques for UBA?
How long does it take for an average individual to be proficient at Splunk?
Thanks!
How many data sources are set up in UBA?
If you want to perform UBA without purchasing the UBA app, you can download @David's app Splunk Security Essentials: https://splunkbase.splunk.com/app/3435/
It walks you through the different UBA use cases that you might want to explore, and how to do those in Splunk Enterprise/Cloud or if you would need to use the Splunk User Behavior Analytics product to address those use cases. As Chris mentioned, contacting sales is a great place to start.
Splunk User Behavior Analytics is a separate product from Splunk Enterprise. It integrates with Splunk Enterprise Security so that you can investigate event data indexed in Splunk Enterprise Security and analyze notable events.
See the Splunk User Behavior Analytics documentation to get a better sense of what is involved in the software.
Your more general questions are... too general to answer well. It depends what kind of proficiency you are talking about, what your environment is like, and what your use cases are.
There are other Splunk Answers posts that suggest the best ways to come up to speed quickly. See "Hungry Newbie: Best way to learn Splunk well efficiently (shortest amount of time)?" as one place to start.
Hi,
So can techniques used in UBA be applied to data from Splunk Enterprise to create any insights?
Since Splunk UBA is a totally different program, the pricing would be very different from Splunk. Does it offer free trials?
Thank you.
I don't think there are free trials for UBA. You should definitely contact Sales to see what they can do for you. They are probably well-positioned to handle some of your general use case questions, too.
Maybe I will write in and see how it goes. Splunk UBA could now be overkill for me.
For now I would just like to focus on being proficient enough in Splunk Enterprise to draw insights from data which explains access behaviour. So I will be visiting the link you provided.
Maybe take a look at this walkthrough of how to build a dashboard for failed logins in the documentation. That might be interesting for you.