Advanced Threat Hunting and Anomaly Detection with Splunk UBA

Video description: Advanced Threat Hunting and Anomaly Detection with Splunk UBA

Splunk User Behavior Analytics (UBA) contains the largest library of unsupervised machine learning in the market. In this session, we'll show how to analyze data from both cloud and on-premises data sources in both types of deployment (cloud/on-premises) to convey the unique benefits of Splunk UBA. We'll discuss real-world examples that showcase the importance of using UBA and all other tools at your disposal for day-to-day threat hunting. Specifically, we'll show how to use Splunk Enterprise, Splunk Enterprise Security, and Splunk UBA together to hunt and detect anomalies that can reveal significant threats. We'll wrap up with best and worst practices from deployments seen throughout the world.

From .conf19, session SEC1248

Special thanks and credit to Tom Smit, Staff Sales Engineer, Splunk
