Hello Splunk Community,

I would like to request clarification regarding Splunk Enterprise Security (ES) capabilities in relation to User Behavior Analytics (UBA).

In a current SIEM/SOC solution evaluation, one of the key requirements specifies that: “The system must have the capability of User Behavior Analytics (UBA) to monitor and detect internal risks.”

A vendor has proposed using Splunk Enterprise Security (ES) with Machine Learning Toolkit (MLTK) and Risk-Based Alerting (RBA), stating that these features are equivalent to and can replace User Behavior Analytics (UBA) for managing user behavior and detecting insider threats.

I would appreciate clarification on the following points:

1. Does Splunk Enterprise Security (ES) natively include User Behavior Analytics (UBA) capabilities?
2. Can MLTK and RBA in Splunk ES be considered equivalent to, or a replacement for, Splunk UBA in terms of user behavior analysis and insider risk detection?
3. If not, is Splunk UBA a separate module required to provide these capabilities?

This clarification will help ensure a correct understanding of Splunk’s technical capabilities and licensing structure.

Thank you in advance for your insights and confirmation.