The User and Entity Behavior Analytics Module (UEBAM) is a collection of AI Engine rules designed to detect unusual or malicious user activity that is occurring within your organization.

The UEBA Module contains licensed content that is available only to customers with a valid subscription.

Module Revisions

The following table summarizes the changes that have been made since the last release (3.1) of the User and Entity Behavior Module.


AIE Rule Name


1560 Compromise: UEBA Multiple O365 Files Del:1st 
1561 Compromise: UEBA Multiple O365 Files Del:2nd 
1562 Compromise: UEBA Multiple O365 Downloads 
1563 Compromise: UEBA New Host & User Pass Change 
1564 Compromise: UEBA User Score & Pass Modified