Splunk Lantern

Behavior analysis and machine learning


Insider threat is one of the top priorities for most security teams as they work to secure their enterprise. Tools that analyze behavior on the network and use machine learning to find anomalies in that behavior can notify security teams of potential threats. Where it could take a human analyst days or weeks to find anomalies, machine learning algorithms can surface this behavior in near real time. You can use Splunk User Behavior Analytics to implement behavior analysis and machine learning: powerful tools that provide automated response and alerting on anomalous behavior.

Insider threat detection using Splunk User Behavior Analytics

Splunk User Behavior Analytics uses machine learning and your existing data in Splunk to find anomalies that may indicate malicious behavior, such as insider threat. Splunk User Behavior Analytics includes a variety of indicators for suspicious or unusual user behavior that can alert your security team to investigate further. Analysts no longer have to sort through mountains of data to find out what a particular user has been up to on the corporate network. They can go to the Splunk User Behavior Analytics dashboard to look up any user and see all their behavior across all systems and machines on the network.

What are the benefits of behavior analysis and machine learning?

You can benefit from the use of machine learning in security analytics through automation and faster correlation of historical data. No human analyst could pull together and correlate the volume of events that machine learning algorithms process in a matter of seconds.

The algorithms in machine learning and behavior analytics can lead to:

  • Better anomaly detection
  • Predictive analytics
  • Clustering

What are behavior analysis and machine learning best practices?

Gathering a baseline of normal activity for users and entities across the network gives the business clear insight into anomalies when behavior falls outside the norm. Such a deviation can be a leading indicator of a threat, or of some other issue that needs further investigation.
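The baselining idea above, worked through as an added example that is not part of this Splunk Lantern page and is not Splunk User Behavior Analytics code: a per-user baseline of one behavioral feature (distinct hosts accessed per day) is learned from a history window, and a later day is scored against it with a z-score. The events, user names, host names and the 3.0 threshold are all constructed assumptions for illustration.

```python
"""Per-user behavioral baseline with z-score anomaly flagging.

Added example, not from the original page. All events below are constructed.
"""
import statistics
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data: seven baseline days where "alice" touches 2-3 hosts
# and "bob" touches 3-4 hosts, followed by a day where alice touches 9 new hosts.
BASELINE_END = date(2024, 1, 7)   # last day included in the baseline window
SCORED_DAY = date(2024, 1, 8)     # day whose behavior is compared to the baseline
MIN_STDEV = 0.5                   # floor so a perfectly flat baseline still gives a finite score


def build_sample_events():
    """Return constructed (day, user, host) login events."""
    events = []
    start = date(2024, 1, 1)
    for d in range(7):
        day = start + timedelta(days=d)
        alice_hosts = ["fs01", "mail01"] + (["wiki01"] if d % 2 else [])
        bob_hosts = ["db01", "app01", "jump01"] + (["fs01"] if d % 3 == 0 else [])
        events += [(day, "alice", h) for h in alice_hosts]
        events += [(day, "bob", h) for h in bob_hosts]
    # Scored day: alice fans out to nine hosts she has never used; bob is unchanged.
    events += [(SCORED_DAY, "alice", f"srv{i:02d}") for i in range(9)]
    events += [(SCORED_DAY, "bob", h) for h in ["db01", "app01", "jump01"]]
    return events


def distinct_hosts_per_day(events):
    """Map user -> {day: number of distinct hosts that user logged into}."""
    hosts = defaultdict(lambda: defaultdict(set))
    for day, user, host in events:
        hosts[user][day].add(host)
    return {u: {d: len(s) for d, s in days.items()} for u, days in hosts.items()}


def build_baseline(counts, baseline_end):
    """Per-user (mean, stdev) of the daily feature over days <= baseline_end."""
    baseline = {}
    for user, per_day in counts.items():
        values = [c for d, c in per_day.items() if d <= baseline_end]
        if len(values) < 2:
            continue  # too little history to model this user; handle separately
        baseline[user] = (statistics.mean(values),
                          max(statistics.stdev(values), MIN_STDEV))
    return baseline


def score_day(counts, baseline, day):
    """Return {user: z-score} of the feature observed on `day` against the baseline."""
    scores = {}
    for user, (mean, stdev) in baseline.items():
        observed = counts.get(user, {}).get(day, 0)  # no activity counts as 0 hosts
        scores[user] = (observed - mean) / stdev
    return scores


def find_anomalies(events, baseline_end, scored_day, threshold=3.0):
    """Users whose scored-day behavior is at least `threshold` stdevs above their norm."""
    counts = distinct_hosts_per_day(events)
    baseline = build_baseline(counts, baseline_end)
    scores = score_day(counts, baseline, scored_day)
    return {u: round(z, 2) for u, z in scores.items() if z >= threshold}


if __name__ == "__main__":
    flagged = find_anomalies(build_sample_events(), BASELINE_END, SCORED_DAY)
    for user, z in flagged.items():
        print(f"{user}: {z} stdevs above baseline on {SCORED_DAY}")
```

Two design points matter in practice. The stdev floor prevents a user with an almost constant history from being flagged by a one-host change, and users with fewer than two baseline days are skipped, so a freshly created account needs its own rule (for example, comparing it to a peer group) rather than no coverage at all.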

What behavior analysis and machine learning processes can I put in place?

These resources will help you implement this guidance: