
Splunk User Behavior Analytics Overview

Splunk User Behavior Analytics is the #1 ranked solution in top Anomaly Detection Tools, the #5 ranked solution in top User Behavior Analytics - UEBA tools, and the #10 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Splunk User Behavior Analytics an average rating of 9.2 out of 10. Splunk User Behavior Analytics is most commonly compared to Darktrace. It is popular among the large enterprise segment, which accounts for 69% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 18% of all views.
Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: September 2022

What is Splunk User Behavior Analytics?
Splunk User Behavior Analytics is a behavior-based threat detection solution that helps organizations find known, unknown and hidden threats. It is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms, and provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.

Splunk User Behavior Analytics was previously known as Caspida, Splunk UBA.

Splunk User Behavior Analytics Customers
8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia

Splunk User Behavior Analytics Reviews

Network Security Engineer at a tech services company with 51-200 employees
Real User
Easy to use with a great dashboard and a simple setup
Pros and Cons
  • "It's easily scalable."
  • "We'd like the ability to do custom searches."

What is our primary use case?

We have been using it for performing analytics for the logs. 

We resell it to our customers. We are also using the tool so that we can build more use cases for our clients. We basically look into understanding how it is performing analytics with Office 365 and how it is correlating those things. 

What is most valuable?

For us, it has been working great as of now.

We enjoy the overall usability. You just look at the dashboard and you have all the data that you need at a glance. That is probably the best part, I would say. It's easy enough to understand that anyone can pick it up.

My understanding is that the setup is easy.

The solution is stable. 

It's easily scalable. 

What needs improvement?

UBA is a separate tool and it should be a part of the Splunk base itself so that we can download it. It should be easier to use just like the normal Splunk in that we should be able to put in queries or add custom things. 

We'd like the ability to do custom searches. 

For how long have I used the solution?

I've been using the solution for the last three months. 


What do I think about the stability of the solution?

It's a stable, reliable product with good performance. There aren't bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

It is a scalable product. It can expand with ease. 

How are customer service and support?

I've never dealt with technical support. 

Which solution did I use previously and why did I switch?

We use all different types of solutions from Splunk, whether it is the SIEM, or ITSI, or even Splunk Enterprise. It's all Splunk. That's it.

We have not used SignalFx. We have been looking into it, however.

How was the initial setup?

From what I have heard, the setup is easy, although I did not set it up myself.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact licensing fees. 

What other advice do I have?

I'm not sure which version of the solution we're using. 

We have been using Splunk for a while, and we were looking for some solutions that incorporate a lot of ML and AI to get insights into the activities that are going on in the user's end devices. We feel that UBA was a much better solution than other options. There are different products, however, we went with Splunk as we have been using other Splunk tools for a while now.

I'd recommend the product to others. 

I would rate the solution eight out of ten due to the lack of custom search and the fact it is sort of disconnected from the complete Splunk environment.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Owner at a computer software company with 11-50 employees
Real User
Top 20
Stable with good dashboards and a free demo version
Pros and Cons
  • "The solution appears to be stable, although we haven't used it heavily."
  • "I'm not aware of any lacking features."

What is our primary use case?

We do technical training and so we do training on the platform. We deploy it on our lab machines for students.

What is most valuable?

We're building some Splunk dashboards with it and it's useful.

We're currently monitoring students' log in, log out and verifying how they can collect the information. It's a good system for a learning environment. 

We're not specifically using it, we're doing training on it.

The solution appears to be stable, although we haven't used it heavily.

You can use the demo version in order to try the solution for free.

What needs improvement?

I'm not aware of any lacking features. 

For how long have I used the solution?

I've been using the solution for six years. 

What do I think about the stability of the solution?

We don't generate enough data to know whether it's reliable or not.

That said, with the small usage that we do utilize, it's pretty stable.

How are customer service and support?

I've never dealt with technical support. I cannot rate their services or speak to how helpful or responsive they are.

Which solution did I use previously and why did I switch?

We did not previously use a different solution before choosing Splunk. 

How was the initial setup?

The initial setup is pretty straightforward. It's a couple of scripts you run. It's pretty easy.

What's my experience with pricing, setup cost, and licensing?

We simply use the free demo version of the product. We do not pay any licensing fees at this time. 

What other advice do I have?

We're just end-users. We don't have a business relationship with Splunk.

I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old.

This product is the easiest way to check if the work's correct.

It works well. It does what we need it to. I'd rate it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. CyberSecurity Solutions Architect at a security firm with 11-50 employees
Real User
Top 10, Leaderboard
Good support, stable, and provides good security

What is our primary use case?

We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.

What is most valuable?

This is a good security product.

What needs improvement?

The price of Splunk UBA is too high.

For how long have I used the solution?

I have been working with Splunk UBA at this company for the past year.

What do I think about the stability of the solution?

Everything that Splunk does is great, as far as stability.

What do I think about the scalability of the solution?

Scalability is excellent on all Splunk products that I've dealt with.

How are customer service and technical support?

The technical support is excellent.

What other advice do I have?

The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of cybersecurity at NOVARED SA
MSP
A fast and flexible solution for conducting analytics on large data sets

What is our primary use case?

Four technicians in our company work within Active Directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching. 

What is most valuable?

The solution is fast, flexible, and easy to use. 

What needs improvement?

I would like improved downward integration with other tools such as McAfee and other GCP solutions. 

For how long have I used the solution?

I have been using the solution for four years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

Technical support is very good and answers my questions. 

How was the initial setup?

The initial setup is easy. 

What other advice do I have?

The solution works very well with large data sets. 

I rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.