The main use cases for Splunk User Behavior Analytics include threat detection. I detect insider threats, compromised users, account misuse, and all those things. I use unsupervised and supervised ML models. The risk scoring is another feature I use with categories. I assign risk scores to users and entities. I also do the integration with Splunk because Splunk User Behavior Analytics natively integrates with Splunk Enterprise. I build timeline visualizations, threat timelines, and event linkage. I also perform alert prioritization and threat-related prioritization based on trends.
We use Splunk User Behavior Analytics for log analysis, monitoring, security management, and creating dashboards. We utilize it for Citrix monitoring dashboards, where we integrate Citrix with Splunk to create performance dashboards specific to session details and resource usage. We also use it for monitoring user experience metrics.
I am a service provider and reseller. We have been working with Splunk User Behavior Analytics for ten months. Our company, as a system integrator, works with customers in government, banking, fintechs, and SMBs.
The focus is on applications and their behavior. For example, some edits might lead to unusual behavior. Based on these observations, I have made use of the solution.
I use Splunk User Behavior Analytics for SAML authentication, behavior analysis, and integration purposes. Integration allows me to identify version controls in CRM systems and analyze remote users. Additionally, I use it for streaming and machine learning kit integration, focusing on behavior analysis.
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
Software Engineer IAM at Mercedes-Benz Canada Inc.
Real User
Top 10
May 10, 2024
The solution helps us with the governance of attacks. We use the solution for threat identification and governance. The solution's use cases depend on the logs we ship to them because we ship all the logs of different products.
We introduced this solution to our customers and requested some dashboards, analytics, statistics, and information to be available through Splunk. However, I'm not proficient in the details and queries. We work at the airport and operate at various levels of management to ensure the quality of products and applications. We monitor the transportation of suitcases, the number of errors in applications, the number of incorrect log-ins, the number of users, and other statistics. System management, includes monitoring system behavior, memory size, memory usage, schedules, and analyzing what happened. It also involves network monitoring for messages that impact systems and specific applications, including downtime and performance issues. The level of involvement and responsibility varies based on an individual's role within the company.
Business Transformation specialist at a tech consulting company with 10,001+ employees
Real User
Mar 10, 2023
We have an application running for our e-commerce site, and we use Splunk primarily to detect anomalous behavior like false orders and other bot-related threats. Splunk helps us analyze and eliminate threats using machine learning.
Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching.
Sr. CyberSecurity Solutions Architect at a security firm with 11-50 employees
Real User
Nov 4, 2020
We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.
Global Engineer at a financial services firm with 10,001+ employees
Real User
Sep 21, 2020
We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation.
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Aug 19, 2019
Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
Aug 13, 2019
The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.
Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides...
The main use cases for Splunk User Behavior Analytics include threat detection. I detect insider threats, compromised users, account misuse, and all those things. I use unsupervised and supervised ML models. The risk scoring is another feature I use with categories. I assign risk scores to users and entities. I also do the integration with Splunk because Splunk User Behavior Analytics natively integrates with Splunk Enterprise. I build timeline visualizations, threat timelines, and event linkage. I also perform alert prioritization and threat-related prioritization based on trends.
We use Splunk User Behavior Analytics for log analysis, monitoring, security management, and creating dashboards. We utilize it for Citrix monitoring dashboards, where we integrate Citrix with Splunk to create performance dashboards specific to session details and resource usage. We also use it for monitoring user experience metrics.
I am a service provider and reseller. We have been working with Splunk User Behavior Analytics for ten months. Our company, as a system integrator, works with customers in government, banking, fintechs, and SMBs.
The focus is on applications and their behavior. For example, some edits might lead to unusual behavior. Based on these observations, I have made use of the solution.
I use Splunk User Behavior Analytics for SAML authentication, behavior analysis, and integration purposes. Integration allows me to identify version controls in CRM systems and analyze remote users. Additionally, I use it for streaming and machine learning kit integration, focusing on behavior analysis.
I recommend it to my customers, but I'm a salesman. I am not implementing it myself.
The solution helps us with the governance of attacks. We use the solution for threat identification and governance. The solution's use cases depend on the logs we ship to them because we ship all the logs of different products.
We introduced this solution to our customers and requested some dashboards, analytics, statistics, and information to be available through Splunk. However, I'm not proficient in the details and queries. We work at the airport and operate at various levels of management to ensure the quality of products and applications. We monitor the transportation of suitcases, the number of errors in applications, the number of incorrect log-ins, the number of users, and other statistics. System management, includes monitoring system behavior, memory size, memory usage, schedules, and analyzing what happened. It also involves network monitoring for messages that impact systems and specific applications, including downtime and performance issues. The level of involvement and responsibility varies based on an individual's role within the company.
We have an application running for our e-commerce site, and we use Splunk primarily to detect anomalous behavior like false orders and other bot-related threats. Splunk helps us analyze and eliminate threats using machine learning.
Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching.
We do technical training and so we do training on the platform. We deploy it on our lab machines for students.
We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.
We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation.
Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.
We primarily use this solution for security.
Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation.
Our primary use is intrusion detection and analysis. It is a great product because it is intelligent and does everything for us.
The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.
The primary use case for this solution is to collect data from multiple different sources to be able to use it to proactively prevent damages.
Threat hunting is our primary use case.
We are performing a couple of integrations with other products. We are using the latest version that is available.
We use this product to support our operations.