1) Background:
HR data must be imported into Splunk UBA before anything else. Here is why:
Why Splunk UBA requires HR data - Splunk Documentation
Add human resources (HR) data, such as employee details and their account information, from Active Directory or other HR systems to Splunk UBA. HR data must be loaded before any other data is loaded into Splunk UBA.
Splunk UBA uses HR data to do the following with other data loaded into Splunk UBA:
- Categorize accounts by type. Splunk UBA defines the