Where is detailed information about identities stored in Splunk?

Prepare for the Splunk Enterprise Security Test. Utilize flashcards and multiple choice questions with detailed hints and explanations. Ensure your success by tackling tricky scenarios and developing a strong foundation in Splunk Enterprise Security!

The correct choice for where detailed information about identities is stored in Splunk is the User Activity index. The User Activity index is specifically designed to provide comprehensive insights into user behaviors, including their actions and interactions within the system. This index aids in tracking user activity across various data sources, making it fundamental for security monitoring and compliance reporting.

The Identity Investigator index, while a useful component in identity management, is typically more focused on investigating identities rather than storing granular user details. Similarly, the Access Anomalies collection is concerned with atypical access patterns which can indicate security risks but does not store comprehensive identity information. The Identity Lookup CSV file serves to map user identities and attributes for various systems but is not a database or an index, thus lacking the depth of information offered by the User Activity index.
