Topic 1 – What is Splunk UBA?

• Understanding the User Interface: Introduction to the Splunk UBA user interface.
• What can UBA detect?: Exploring the capabilities of Splunk UBA in terms of threat detection.

Topic 2 – Getting Data In

• Understanding key data types: Explaining different types of data relevant to UBA.
• Relating HR data: Discussing the importance of relating HR (Human Resources) data to UBA.
• Baselining user behavior: Understanding how to establish a baseline for user behavior.

Topic 3 – Splunk UBA Data Flow

• Data source connectors: Exploring how data source connectors are used to bring in data.
• Data normalization and the Common Information Model: Understanding the normalization process and the Common Information Model (CIM).
• How data is used by Splunk UBA models: Explaining how the collected data is utilized by Splunk UBA models.

Topic 4 – Splunk UBA Deployment Architectures

• Supported platforms: Discussing the platforms supported by Splunk UBA.
• Node roles: Understanding the different roles of nodes in a Splunk UBA deployment.

Topic 5 – Use Cases

• Core data sources: Identifying the core data sources used in UBA.
• Additional data sources and unlocking use cases: Exploring how additional data sources can be leveraged to expand use cases.

Topic 6 – UBA Workflow

• Anomaly investigation: Detailing the workflow for investigating anomalies detected by Splunk UBA.
• Threats review: Discussing the workflow for reviewing and responding to security threats.

Introduction to Splunk UBA Course Prerequisites:

To be successful, students should have a working knowledge of the
topics covered in the following courses:
▪ Intro to Splunk
▪ Using Fields
▪ Visualizations
▪ Intro to Knowledge Objects
Students should also have completed the following courses:
▪ ES Administration