Skip to content

Commit

Permalink
added uba-lite to navigation
Browse files Browse the repository at this point in the history
Signed-off-by: Zachary Christensen <zchristensen@splunk.com>
  • Loading branch information
ZachTheSplunker committed Sep 13, 2024
1 parent d7da6be commit 2eaae97
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 2 deletions.
6 changes: 5 additions & 1 deletion docs/searches/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,8 @@ One of the great features in RBA is knowing how often something has occurred in

## [Threat Object Types](./threat_object_types.md)

Increasing the number of threat object types you track in Risk Rules can be really helpful for tuning noisy alerts, threat hunting on anomalous combinations, and automating SOAR enrichment to unique threat object types. Haylee and Stuart's [Threat Object Fun dashboards](https://splunkbase.splunk.com/app/6917){ target="blank" } can be helpful for all three.
Increasing the number of threat object types you track in Risk Rules can be really helpful for tuning noisy alerts, threat hunting on anomalous combinations, and automating SOAR enrichment to unique threat object types. Haylee and Stuart's [Threat Object Fun dashboards](https://splunkbase.splunk.com/app/6917){ target="blank" } can be helpful for all three.

## [UBA-lite with Basic Statistics](./uba-lite_with_statistics.md)

By comparing entity activity against itself or entities in a peer group (IE business unit, asset category, etc), you can create rules that offer anomaly detection capabilities similar to a UBA/UEBA solution.
2 changes: 1 addition & 1 deletion docs/searches/uba-lite_with_statistics.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# UBA-lite with Basic Statistics

By comparing entity activity against itself or entities in a peer group (IE business unit, asset category, etc), you can create rules that offer anomaly detection capabilities similar to a UBA/UEBA solution. In RBA, you might use this as rules that generate risk events, or a field to use as a risk factor, or even just tags for the entity so that when you're investigating a risk-based alert you have an idea that this entity has been behaving erratically compared to various standards of behavior. Also please consider using the incredible step-by-step guided mode of the [Splunk App for Behavioral Profiling](https://splunkbase.splunk.com/app/6980) by Josh Cowling, Rupert Truman, and Premkumar Vyas; it's incredible!
By comparing entity activity against itself or entities in a peer group (IE business unit, asset category, etc), you can create rules that offer anomaly detection capabilities similar to a UBA/UEBA solution. In RBA, you might use this as rules that generate risk events, or a field to use as a risk factor, or even just tags for the entity so that when you're investigating a risk-based alert you have an idea that this entity has been behaving erratically compared to various standards of behavior. Also please consider using the incredible step-by-step guided mode of the [Splunk App for Behavioral Profiling](https://splunkbase.splunk.com/app/6980){ target="_blank" } by Josh Cowling, Rupert Truman, and Premkumar Vyas; it's incredible!

## Example: Event Count Variance per Category by Risk Object

Expand Down
1 change: 1 addition & 0 deletions mkdocs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ nav:
- Risk Notable History: searches/risk_notable_history.md
- Threat Object Prevalence: searches/threat_object_prevalence.md
- Threat Object Types: searches/threat_object_types.md
- UBA-lite with Basic Statistics: searches/uba-lite_with_statistics.md
- Dashboards:
- dashboards/index.md
- ATT&CK Matrix Risk: dashboards/attack_matrix_risk.md
Expand Down

0 comments on commit 2eaae97

Please sign in to comment.