A hunter investigates suspicious user activity based on data loss prevention alarms and anomalies. You can take the following actions to investigate suspicious user activity in Splunk UBA:

1. Review current anomalies identified in your environment on the Anomalies Table. See, Review anomalies on the anomalies table.
2. Dig deeper into suspicious users on the Users Table. See, See all users on the user table.
3. Save filters and create a Custom Dashboard with organization-specific views to monitor suspicious activity. See, Create a custom dashboard.