Splunk User Behavior Analytics

Solution Overview
Splunk User Behavior Analytics helps organizations find known, unknown and hidden threats (e.g., lurking APTs, malware infections and insider threats) using machine learning, behavior baselines, peer group analytics and advanced correlation. It addresses security analyst and threat hunter workflows, requires minimal administration and integrates with existing infrastructure.

Key Use Cases:
  • Advanced cyber attacks
  • Malicious insider threats
  • Online account takeover (ATO)

Goals & Objectives

This 10-minute lab is designed to highlight WWT's complete security offerings and the unique value of each key component (ES, UBA, Phantom). The lab shows the value of the content and capabilities of currently available products, including areas where their functionality overlaps.

Hardware & Software

  • Splunk Enterprise Platform 7.1 or higher.
  • Splunk User Behavior Analytics 4.0 or higher.
  • Apache Hadoop.

  • 3x Red Hat/CentOS Linux server (node).
  • 50GB for UBA installation.
  • 1TB for metadata storage.
  • 1TB for node running Spark service.