77. ● How does the app work?
– Leverages primarily | stats for UEBA
– Also implements several advanced Splunk searches (URL Toolbox, etc.)
● Why call it UEBA?
– These use cases are often in UEBA tools
– 2/3 of use cases build on a baseline, which is a hallmark of UEBA
– 1/3 are advanced analytics that other vendors showcase in their UEBA
● How does it scale?
– App automates the utilization of high scale techniques
– Summary indexing for Time Series, caching in lookup for First Time
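The two scaling techniques on this slide, a time-series baseline fed from summarized counts and a first-time-seen check backed by a cached lookup, are shown below in plain Python as an added example; it is not code from the deck or from the app it describes. The summary rows, the seen-pairs cache, the user and host names, and the 3-sigma threshold are all constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed summary rows: (user, hour_bucket, login_count). This is the shape a
# scheduled "| stats count by user _time span=1h" search would write to a summary
# index so the baseline never has to be recomputed from raw events.
HISTORY = [
    ("alice", "2024-01-01T00", 2), ("alice", "2024-01-01T01", 4),
    ("alice", "2024-01-01T02", 2), ("alice", "2024-01-01T03", 4),
    ("alice", "2024-01-01T04", 2), ("alice", "2024-01-01T05", 4),
    ("bob",   "2024-01-01T00", 10), ("bob", "2024-01-01T01", 10),
    ("bob",   "2024-01-01T02", 10), ("bob", "2024-01-01T03", 10),
]

# Constructed cache of (user, host) pairs already observed: the equivalent of the
# lookup file a "First Time" search reads, then rewrites with any new pairs.
SEEN_PAIRS = {("alice", "srv1"), ("alice", "srv2"), ("bob", "db1")}


def build_baseline(rows):
    """Per-user (mean, population stdev) of hourly counts from summary rows."""
    counts = defaultdict(list)
    for user, _hour, count in rows:
        counts[user].append(count)
    return {user: (mean(c), pstdev(c)) for user, c in counts.items()}


def zscore(user, count, baseline):
    """Sigmas above/below the user's baseline; None when the user has no history."""
    if user not in baseline:
        return None
    mu, sigma = baseline[user]
    if sigma == 0.0:
        # Flat history: an exact match is no deviation, anything else is unbounded.
        return 0.0 if count == mu else float("inf")
    return (count - mu) / sigma


def time_series_outliers(observed, baseline, threshold=3.0):
    """(user, count, z) for each observed count more than `threshold` sigmas above baseline."""
    hits = []
    for user, count in observed:
        z = zscore(user, count, baseline)
        if z is not None and z > threshold:
            hits.append((user, count, z))
    return hits


def first_time_seen(events, cache):
    """Return (user, host) pairs absent from cache, adding them so the next run is quiet."""
    new = []
    for user, host in events:
        if (user, host) not in cache:
            new.append((user, host))
            cache.add((user, host))
    return new


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # New hour of counts: alice spikes to 9 against a mean of 3 and stdev of 1.
    print(time_series_outliers([("alice", 9), ("bob", 10), ("carol", 7)], baseline))
    cache = set(SEEN_PAIRS)
    print(first_time_seen([("alice", "srv9"), ("bob", "db1"), ("carol", "srv1")], cache))
```

Two edge cases the toy handles that a production search also has to: a user with a flat history (zero stdev) cannot be scored by division, and a user with no history at all should fall through to the first-time logic rather than be scored against an empty baseline.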
99. ML Toolkit & Showcase
• Splunk Supported framework for building ML Apps
– Get it for free: http://tiny.cc/splunkmlapp
• Leverages Python for Scientific Computing (PSC) add-on:
– Open-source Python data science ecosystem
– NumPy, SciPy, scikit-learn, pandas, statsmodels
• Showcase use cases: Predict Hard Drive Failure, Server Power Consumption, Application Usage, Customer Churn & more
• Standard algorithms out of the box:
– Supervised: Logistic Regression, SVM, Linear Regression, Random Forest, etc.
– Unsupervised: KMeans, DBSCAN, Spectral Clustering, PCA, KernelPCA, etc.
• Implement one of 300+ algorithms by editing Python scripts