Splunk User and Entity Behavior Analytics
ML-based UEBA detecting insider threats via behavioral anomaly detection and risk scoring.

Splunk User and Entity Behavior Analytics Description
Splunk User and Entity Behavior Analytics (UEBA) is a security capability natively integrated within Splunk Enterprise Security that uses machine learning and behavioral analytics to detect insider threats and advanced attacks. It continuously baselines normal user and entity behavior to identify subtle deviations indicative of account misuse, compromised credentials, and lateral movement. UEBA aggregates risk signals from multiple sources into a single Entity Risk Score per user or entity, enabling SOC teams to prioritize the most critical threats and reduce alert fatigue. It correlates behaviors across users, devices, endpoints, and cloud applications to uncover complex attack patterns spanning multiple systems. Analysts are equipped with enriched alert metadata, peer group comparisons, historical behavioral context, threat timelines, and risk heat maps to support faster, more confident decision-making. Automated threat detection and prioritization using multiple machine learning models continuously monitors for emerging threats without manual intervention. UEBA is natively integrated with Splunk Enterprise Security, unifying detection, investigation, and response workflows within a centralized incident view that combines UEBA behavioral insights with SIEM correlation rules. It is part of Splunk's unified SecOps platform alongside SOAR, SIEM, and agentic AI capabilities.
Splunk User and Entity Behavior Analytics FAQ
Common questions about Splunk User and Entity Behavior Analytics including features, pricing, alternatives, and user reviews.
Splunk User and Entity Behavior Analytics is an ML-based UEBA product, developed by Splunk Inc., that detects insider threats via behavioral anomaly detection and risk scoring. It is a Human Risk solution designed to help security teams with anomaly detection, insider threat detection, and lateral movement detection.