Turn on or turn off UEBA detections in the risk or test index
You can turn on or turn off UEBA detections in two indexes: risk or ba_test. Turning on the detection allows it to generate findings in that index. By default, UEBA detections for cloud deployments are turned on in the test index, ba_test.
In Splunk Enterprise Security, select Security content and then select Content management.
To filter for UEBA detections, change the Type filter to UEBA detection.
Select the link for the detection that you want to turn on or turn off.
To turn on a detection, select Turn on in risk index or Turn on in test index for the index you want to generate findings in.
To turn off a detection so that it doesn't create findings in any index, select Off.