Introduction to Splunk UBA

Duration : 2 Days (16 Hours)

Introduction to Splunk UBA Course Overview:

This course focuses on several key topics:

  • Defining UBA: Students will learn what User and Entity Behavior Analytics (UBA) is and its significance in the context of cybersecurity.
  • Understanding Threats and Anomalies: The course will cover various cybersecurity threats and anomalies that UBA aims to detect and mitigate.
  • Contextualizing Internal Data: Students will gain an understanding of how internal data, such as user behavior and system logs, can be contextualized and analyzed to identify security threats.
  • Examining Employee-User Account Relationships: The course will explore the relationships between employees and their user accounts, emphasizing the importance of monitoring and securing these accounts.

Overall, the course aims to provide students with knowledge and skills related to UBA and its role in enhancing cybersecurity.

Intended Audience:

  • Security Analysts
  • IT Administrators
  • System Administrators
  • Security Operations Center (SOC) Teams
  • Cybersecurity Specialists
  • Security Managers
  • IT and Security Professionals
  • Compliance and Audit Professionals
  • Anyone Interested in Security

Learning Objectives of Introduction to Splunk UBA:

▪ What is Splunk UBA?
▪ Threats and Anomalies
▪ Data sources and Use Cases
▪ HR Data

Topic 1 – What is Splunk UBA?

  • Understanding the User Interface: Introduction to the Splunk UBA user interface.
  • What can UBA detect?: Exploring the capabilities of Splunk UBA in terms of threat detection.

Topic 2 – Getting Data In

  • Understanding key data types: Explaining different types of data relevant to UBA.
  • Relating HR data: Discussing the importance of relating HR (Human Resources) data to UBA.
  • Baselining user behavior: Understanding how to establish a baseline for user behavior.

Topic 3 – Splunk UBA Data Flow

  • Data source connectors: Exploring how data source connectors are used to bring in data.
  • Data normalization and the Common Information Model: Understanding the normalization process and the Common Information Model (CIM).
  • How data is used by Splunk UBA models: Explaining how the collected data is utilized by Splunk UBA models.

Topic 4 – Splunk UBA Deployment Architectures

  • Supported platforms: Discussing the platforms supported by Splunk UBA.
  • Node roles: Understanding the different roles of nodes in a Splunk UBA deployment.

Topic 5 – Use Cases

  • Core data sources: Identifying the core data sources used in UBA.
  • Additional data sources and unlocking use cases: Exploring how additional data sources can be leveraged to expand use cases.

Topic 6 – UBA Workflow

  • Anomaly investigation: Detailing the workflow for investigating anomalies detected by Splunk UBA.
  • Threats review: Discussing the workflow for reviewing and responding to security threats.

Introduction to Splunk UBA Course Prerequisites:

To be successful, students should have a working knowledge of the
topics covered in the following courses:
▪ Intro to Splunk
▪ Using Fields
▪ Visualizations
▪ Intro to Knowledge Objects
Students should also have completed the following courses:
▪ ES Administration

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability

Classroom

  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention

Onsite

  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.
×