
Splunk Lantern

Getting help with UBA

 

Training

Splunk offers a number of EDU training courses to help you get up to speed on how to make the most of your deployment. Completion of these courses is an essential building block to success. To explore all the education options, go to the course catalog and filter by the products you own. For more assistance understanding the course offerings, what certifications are available, and the perks included in the new learning rewards program, review the Splunk Education Student Handbook or get in touch with your account manager. 

Good courses to start with to learn Splunk User Behavior Analytics are:

| Course | Price | Description |
| --- | --- | --- |
| Splunk User Behavior Analytics | Free | This course tours the UBA interface, looks at how UBA defines threats, and discusses steps to take when responding to possible threats and how to triage false positives. |
| UBA SOC Analyst Walkthrough | Free | This course walks through the interface and functionality flow for UBA SOC Analysts and includes detections, anomalies, threats, investigations, user anomalies, notable events and actions, and moving between ES and UBA. |
| UBA Admin Walkthrough | Free | This course provides an overview of role-based access and diagnostics and walks you through how to navigate the user interface, create users, and manage the system. You'll also learn about data sources, output connectors, subscription content, system settings, anomalies, and tuning. |

Technical help - OnDemand Services (ODS)

ODS consultants work with you directly to help you get answers to general questions, get insight on best practices, explore functionality, deploy or review the health of your instance, and implement your use cases. Most customers have OnDemand Services included as a part of their license purchase, but they do expire at the end of each quarter. Use them as early as possible in the quarter by following these instructions from the OnDemand Services Portal End User Guide:

  1. Open a request under the product Enterprise Security (ES)/UBA.
  2. Select the task Ask a Security Expert.
  3. Wait for the consultant to reach out to you directly to help.

If you cannot open a case or do not know if you have OnDemand access, contact your Splunk Customer Success Manager/Advocate or Account Team or the ODS team at OnDemand-Inquires@splunk.com for clarification and assistance.

Plan Implement Use/Adopt Scale
  • Use Case Advisory Discussion
  • Architecture Diagram Creation
  • Data Readiness
  • Security Maturity Guidance
  • Splunk Enterprise Security Use Case Implementation Guidance
  • Post Implementation Review
  • Getting Started with Security Cloud Suite or Splunk Security Analytics for AWS (SSA4AWS)
  • Data Model Review
  • Asset Identification
  • Data Source Review
  • Index and Retention Review
  • Enterprise Security/UBA Technical Assessment
  • Upgrade Readiness Assessment
  • Scaling Advisement & Expansion Readiness Assessment
  • Security Integrations Review
  • Report or Dashboard Optimization

Project-based services

Project-Based Services are more involved and typically larger-scale services engagements than ODS. With these, you will work with a Splunk Engagement Manager to determine and finalize the scope of the project. Once everything is signed off, we will work with you in lockstep to deliver on the agreed-upon project. If you'd like to explore options here, please get in touch with us via this contact form or get in touch with your account manager.

Support

Even the most savvy customer will need a little help. Whether it’s error messages, unexplained or unexpected behaviors, or incidents and outages, Technical Support is the first line of defense for all of your post-sales issues. Splunk Support Engineers will partner with you to ensure your environment is optimized to drive your journey with a focus on long-term technical health, so you can realize your ROI as soon as possible.

To review what is included with the Standard and Premium support programs, click here.

The Support Portal can be accessed from the Splunk.com home page for logged in users, or from the Splunk product application user interface. Bring up the navigation menu, scroll to the bottom of the side-bar, select Help & Support, and then select Support and Community. From there you will be able to open a support case.