View behavior-based detections from UEBA in Splunk Enterprise Security

Note: This topic applies only to users of the User and Entity Behavior Analytics (UEBA) app. You can access behavior-based detections from the UEBA app on an on-premises deployment of Splunk Enterprise Security.

Follow these steps to view behavior-based detections from the User and Entity Behavior Analytics (UEBA) app in Splunk Enterprise Security:

  1. In Splunk Enterprise Security, select Security content and then select Content management to view the list of detections.
  2. To filter for behavior-based detections, change the Type filter to Behavior-based detection and change the App filter to User and Entity Behavioral Analytics Content.
  3. Select a detection to view the detection details.

    Note: You can't edit or create behavior-based detections on the Content management page. These detections are view-only in Splunk Enterprise Security.
  4. (Optional) In the Status column for the detection, use the drop-down menu to select On or Off. A detection that's turned off does not create any events in any index.
  5. (Optional) In the Actions column for the detection, select the more icon, and then select Manage finding exclusion rules. With finding exclusion rules, you can exclude risk for a given detection based on specified criteria. You can create and manage finding exclusion rules in the UEBA app.