View behavior-based detections from UEBA

Follow these steps to view behavior-based detections from User and Entity Behavior Analytics (UEBA) in Splunk Enterprise Security:

  1. In Splunk Enterprise Security, select Security content and then select Content management to view the list of detections.
  2. To filter for behavior-based detections, change the Type filter to Behavior-based detection.
  3. Select a detection to view the detection details.
    Note: You can't edit or create behavior-based detections on the Content management page. These detections are view-only in Splunk Enterprise Security.
  4. (Optional) In the Status column for the detection, use the drop-down menu to select On or Off. A detection that's turned off does not create any events in any index.
    Note: For UEBA cloud deployments, you can turn on a detection in either the test or risk index. By default, all cloud detections are turned on in the ba_test index. See Turn on or turn off behavior-based detections in the risk or test index.
  5. (Optional) In the Actions column for the detection, select the more icon, and then select Manage finding exclusion rules. With finding exclusion rules, you can exclude risk for a given detection based on specified criteria. See Finding exclusions in Splunk Enterprise Security to create and manage finding exclusion rules.