Must use Splunk UBA to improve security posture
January 14, 2022
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk User Behavior Analytics (UBA)
In previous years, we were relying only on correlation rules, which threw a large number of false positive alerts in Splunk, which in turn creates more incidents if any ticketing tool is integrated with Splunk. This caused more issues in handling a high number of incidents with fewer resources on the team. The aim was to reduce false positives, and this product resolved our issue.
- Capture a greater number of anomalies.
- Create real threats.
- Create only true positive incidents.
- Observe a greater number of anomalies in an organization.
- Investigate threat created from anomaly.
- Create nearly true positive incidents.
- Fewer team members to work on real threats.
- Less time required to deal with real incidents.
- Easy to implement across the network.
- Splunk Enterprise, Splunk Enterprise Security (ES), Splunk Application Performance Monitoring (APM) and Splunk Cloud
Earlier, we were using Splunk Enterprise on a heavy forwarder on which all the add-ons were installed, and were using Splunk Cloud for the search head and indexer stack. With the Splunk Enterprise Security premium app, we were relying on correlation rules, which threw a large number of false positives, but after implementing Splunk UBA, we are now getting real-time true positive threats or incidents.
Do you think Splunk User Behavior Analytics (UBA) delivers good value for the price?
Yes
Are you happy with Splunk User Behavior Analytics (UBA)'s feature set?
Yes
Did Splunk User Behavior Analytics (UBA) live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk User Behavior Analytics (UBA) go as expected?
Yes
Would you buy Splunk User Behavior Analytics (UBA) again?
Yes