Splunk named a Leader in the Forrester Wave™: Security Analytics Platforms, Q2 2025

Security

Splunk User Behavior Analytics


Product Announcement

UEBA is now a native capability within Splunk Enterprise Security

Splunk Enterprise Security (ES) brings customers a brand new experience with a unified SecOps platform — seamlessly integrated with agentic AI, SOAR, UEBA, and SIEM.

HOW IT WORKS

Stop insider threats before they stop you


Detect advanced threats and anomalous behavior using machine learning

Splunk User Behavior Analytics uses unsupervised machine learning algorithms to establish baseline behaviors of users, devices, and applications, then searches for deviations to detect unknown and insider threats.

Enhance security visibility so you can act decisively

Splunk User Behavior Analytics visualizes threats across multiple phases of an attack to give security analysts a comprehensive understanding of attack root cause, scope, severity, and timelines. This context-rich view enables analysts to rapidly assess impact and make informed decisions quickly and confidently.


Simplify incident investigations to increase SOC efficiency

Splunk User Behavior Analytics automatically reduces billions of raw events down to tens of threats for rapid review, without the need for time-consuming human-fueled detective work performed by highly skilled security and data science professionals.

Features

Uncover the most sophisticated threats


Streamlined threat workflow

Reduce billions of raw events to tens of threats for quick review and resolution. Use machine learning algorithms to help identify hidden threats without human analysis.


Threat review and exploration

Visualize threats over a kill chain to gain context. Anomalies are stitched together across users, accounts, devices, and applications so you can clearly see attack patterns.


User feedback learning

Customize anomaly models based on your organization’s processes, policies, assets, user roles, and functions. Get granular feedback to improve confidence in threat severity and detection.


Kill chain detection and attack vector discovery

Detect lateral movement of malware or malicious insider proliferation. See behavior-based irregularities or pinpoint botnet or C&C activity.

We work with amazing customers.

See why the world’s leading organizations rely on Splunk.


CUSTOMER STORY

Keeping Markets Moving: Splunk and NASDAQ

Splunk UBA is giving us deep insight into our insider threat and what our trusted users are doing at any given instant. 

Martin Luitermoza, Associate Vice President, NASDAQ

INTEGRATIONS

Splunk UBA and Splunk ES are better together

RESOURCES
Explore more from Splunk

Related Products

More from Splunk Security


Splunk Attack Analyzer

Automatically detect and analyze the most complex credential phishing and malware threats.


Splunk Asset and Risk Intelligence

Proactive risk mitigation through continuous asset discovery and compliance monitoring.


Get started

Detect anomalous behavior and more with Splunk UBA.