I need a few useful correlation searches (SPLs) to keep a close eye on user (internal or malicious) behavior in ES, please. Thank you in advance.
Have you checked any of the ES Content Update or Splunk * Essentials apps? Keep in mind the most useful UBA-related searches are likely confined to the UBA app itself.