The User and Entity Behavior Analytics Module (UEBAM) is a collection of AI Engine rules designed to detect unusual or malicious user activity that is occurring within your organization.
The UEBA Module contains licensed content that is available only to customers with a valid subscription.
The following table summarizes the changes that have been made since the last release (3.0) of the User and Entity Behavior Module.
AIE Rule ID
AIE Rule Name
Compromise: UEBA and User-related Security Classification Event: Impacted User
Compromise: UEBA Multiple User Threat Events
Compromise: UEBA and Recent User Location
Compromise: UEBA and Location Watch List
Compromise: UEBA and User Recently Added to a Privileged Group
Compromise: UEBA and User-related Security Classification Event
Compromise: UEBA Threat Event
Compromise: UEBA Threat Event and Identity Lists
Exfiltration: UEBA and File (NGFW) Detection
Exfiltration: UEBA and Sensitive Data (NGFW) Detection