Splunk Enterprise Security

Clarification on UBA Capability in Splunk Enterprise Security vs MLTK and RBA

tuongpx
New Member

Hello Splunk Community,

I would like to request clarification regarding Splunk Enterprise Security (ES) capabilities in relation to User Behavior Analytics (UBA).
In a current SIEM/SOC solution evaluation, one of the key requirements specifies that:
“The system must have the capability of User Behavior Analytics (UBA) to monitor and detect internal risks.”
A vendor has proposed using Splunk Enterprise Security (ES) with Machine Learning Toolkit (MLTK) and Risk-Based Alerting (RBA), stating that these features are equivalent to and can replace User Behavior Analytics (UBA) for managing user behavior and detecting insider threats.
I would appreciate clarification on the following points:
Does Splunk Enterprise Security (ES) natively include User Behavior Analytics (UBA) capabilities?
Can MLTK and RBA in Splunk ES be considered equivalent to, or a replacement for, Splunk UBA in terms of user behavior analysis and insider risk detection?
If not, is Splunk UBA a separate module required to provide these capabilities?
This clarification will help ensure a correct understanding of Splunk’s technical capabilities and licensing structure.
Thank you in advance for your insights and confirmation.
