Must use Splunk UBA to improve security posture
Rating: 10 out of 10
IncentivizedUse Cases and Deployment Scope
In previous years, we were just relying on correlation rules which were throwing more number of false positive alerts in Splunk and which in turn creates more incidents if any ticketing tool is integrated with Splunk. This was causing more issues while handling high number of incidents with less resources as a part of the team. Aim was to reduce false positive which this product resolved our issue.
Pros
- Capture more number of anomalies.
- Create real threats.
- Create only true positive incidents.
Likelihood to Recommend
Splunk User Behavior Analytics application is necessary when any company wants to capture the threat based on user behavior instead of just counting the number of occurrences of particular event. With Splunk UBA, we can analyse number of anomalies captured and which in turn creating threats which are nearly true positive.
Vetted Review
4 years of experience