# Splunk App for Behavioral Profiling

The Splunk App for Behavioral Profiling is a collection of workflows that enable you to operationalise the detection and scoring of behavioral anomalies at scale in complex environments, correlating them to profile and highlight the entities that require investigation.
## Features

- **Deploy Behavioral Anomaly Rules:** Define and schedule behavioral indicator searches and anomaly scoring rules with the help of a guided workflow, which turns the behaviors you want to track into operationalised anomaly detection rules, outputting behavioral scores aligned to entities.
- **Investigate Entities:** Use the dashboards provided to view and drill down on the entities with the highest behavioral scores, using the panels provided to investigate the pattern of activity and mark the entity as reviewed or allow-listed if required.
- **Monitor Performance:** Ensure your rules continue to execute effectively by monitoring their performance and output via the provided views, allowing easy adjustment where necessary so that you can continue to find the entities that matter.
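As an added illustration of the pipeline these features describe, and not the app's own code or search logic: per-entity indicator values feed two scoring rules, one comparing the latest value with the entity's own history and one comparing it with the wider peer group, which are weighted into a behavioral score, suppressed for allow-listed entities and ranked for investigation. Entity names, indicator counts, the threshold and the allow list are all constructed for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the app): one daily indicator count per
# entity, e.g. failed logins per user, oldest first. The last value is the
# day being scored.
OBSERVATIONS = {
    "alice": [3, 2, 4, 3, 3, 3, 2, 4],
    "bob":   [1, 2, 1, 1, 2, 1, 1, 14],          # sudden spike vs own history
    "carol": [30, 31, 29, 30, 32, 31, 30, 31],  # steady, but far above peers
    "dave":  [2, 3, 2, 2, 3, 2, 3, 2],
}
ALLOW_LIST = {"carol"}  # hypothetical: a reviewed service account, suppressed

def zscore(value, sample):
    """Standard score of value against a sample; 0 when the sample has no spread."""
    sd = pstdev(sample)
    return 0.0 if sd == 0 else (value - mean(sample)) / sd

def score_entities(observations, allow_list=frozenset(), threshold=3.0, weights=None):
    """Apply two scoring rules to each entity's latest value and return
    {entity: {"historic": z, "peer": z, "score": weighted total}}.
    historic: latest value vs the entity's own earlier days.
    peer:     latest value vs every other entity's latest value.
    A rule contributes weight * z only when z exceeds the threshold."""
    weights = weights or {"historic": 1.0, "peer": 1.0}
    latest = {e: s[-1] for e, s in observations.items()}
    results = {}
    for entity, series in observations.items():
        history, current = series[:-1], series[-1]
        peers = [v for e, v in latest.items() if e != entity]
        z = {"historic": zscore(current, history), "peer": zscore(current, peers)}
        score = sum(weights[r] * z[r] for r in z if z[r] > threshold)
        if entity in allow_list:
            score = 0.0  # keep the indicators visible, suppress the score
        results[entity] = {r: round(v, 2) for r, v in z.items()}
        results[entity]["score"] = round(score, 2)
    return results

def rank(results):
    """Entities ordered by behavioral score, highest first."""
    return sorted(results, key=lambda e: results[e]["score"], reverse=True)

if __name__ == "__main__":
    res = score_entities(OBSERVATIONS, ALLOW_LIST)
    for entity in rank(res):
        print(entity, res[entity])
```

Running it ranks `bob` first on the historic rule alone, while `carol` trips the peer rule but scores 0 because she is allow-listed; dropping the allow list shows her score reappear.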
## Target Users

- **Fraud Teams** tasked with locating increasingly sophisticated attackers that employ evolving methods across physical and digital channels to avoid simplistic detection rules.
- **IT Operations** supporting modern infrastructure, services and solutions comprising many disparate parts, any of which could be creeping towards an issue that compromises the resilience of the platform and brings the entire service down.
- **Insider Threat analysts** attempting to hunt the unusual behaviours pointing towards criminal activity whilst grappling with inflexible solutions offering too little transparency and too much complexity for teams to tune to their operations.
- **Platform Moderators** chasing malicious users, posting abusive or illegal material, directly affecting revenue and customer sentiment without detection amid a marketplace of inapplicable solutions for bespoke platforms.
- **Anyone** who needs to understand the specific entities in their domain which are behaving anomalously compared with a wider group or with the entity's own historic behavior.
## Demo

Not a reader? App demonstrations are available to watch here.