Splunk User Behavior Analytics

Solution Overview
Splunk User Behavior Analytics helps organizations find known, unknown and hidden threats (e.g., lurking APTs, malware infections and insider threats) using machine learning, behavior baselines, peer group analytics and advanced correlation. It supports security analyst and threat hunter workflows, requires minimal administration and integrates with existing infrastructure.

Key Use Cases:
  • Advanced cyber attacks.
  • Malicious insider threats.
  • Online account takeover (ATO).

Goals & Objectives

This 10-minute lab is designed to highlight WWT's complete security offerings and the unique value of each key component (ES, UBA, Phantom). The lab shows the value of the content and capabilities available in the currently shipping products, including the areas where their functionality overlaps.

Hardware & Software

  • Splunk Enterprise Platform 7.1 or higher.
  • Splunk User Behavior Analytics 4.0 or higher.
  • Apache Hadoop.

  • 3x Red Hat/CentOS Linux servers (nodes).
  • 50 GB for the UBA installation.
  • 1 TB for metadata storage.
  • 1 TB for the node running the Spark service.