CloudAI for User and Entity Behavior Analytics (UEBA) is a statistical anomaly detection engine designed to complement the existing UEBA capabilities and to integrate with the Knowledge Base (KB) content in the LogRhythm SIEM. CloudAI provides visibility into insider threats, compromised accounts, and privilege abuse, which it reports as anomalies. Anomaly scores are not designed to be responded to as alarms; they provide a low volume of high-quality threat-hunting leads for your analysts, plus additional context in the SIEM for use in correlation, dashboards, and workflows. CloudAI compares each user's or entity's activity in the most recent 24-hour period, called the Scored Period, to a 29-day baseline, called the Baseline Period.
CloudAI is designed to be intuitive and simple to use, so no end-user configuration is required to install or use it. CloudAI components are installed with the Data Indexer (DX) during a LogRhythm Enterprise installation, and LogRhythm Support performs all necessary data-collection configuration when you purchase a license; until then, the services installed with the DX remain disabled.
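The page does not describe how CloudAI computes its scores, so the following is an added, simplified illustration of the Scored Period versus Baseline Period comparison and is not CloudAI's or LogRhythm's code. It assumes a per-user daily event count scored as a z-score against the 29 baseline days (with an assumed floor on the standard deviation so a flat baseline cannot produce an infinite score), plus a "never seen in the baseline" host check. The logon events, user names and host names are constructed sample data, and the output is a ranked list of leads rather than a threshold-based alarm, matching the page's point that scores are hunting leads, not alarms.

```python
"""Baseline-vs-scored-period anomaly scoring, simplified illustration (not CloudAI's algorithm)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BASELINE_DAYS = 29   # Baseline Period length, as stated on the page
SCORED_HOURS = 24    # Scored Period length, as stated on the page
MIN_STDDEV = 1.0     # assumed floor: a perfectly flat baseline must not divide by zero
NOW = datetime(2024, 3, 31)  # end of the Scored Period for the constructed sample


def period_bounds(now):
    """Return (baseline_start, scored_start): the Scored Period is the last 24h,
    the Baseline Period the 29 days immediately before it."""
    scored_start = now - timedelta(hours=SCORED_HOURS)
    return scored_start - timedelta(days=BASELINE_DAYS), scored_start


def build_sample_events(now):
    """Constructed sample data, not real logs: (timestamp, user, host) logon events.
    alice is steady every day; bob spikes in the scored day and also appears
    from a host that never occurs in his baseline."""
    baseline_start, _ = period_bounds(now)
    events = []
    for day in range(BASELINE_DAYS + 1):            # 29 baseline days + 1 scored day
        day_start = baseline_start + timedelta(days=day)
        for i in range(10):                          # alice: 10 logons per day, every day
            events.append((day_start + timedelta(hours=8, minutes=i), "alice", "wks-alice"))
        if day < BASELINE_DAYS:
            for i in range(4 + day % 3):             # bob: 4 to 6 logons per baseline day
                events.append((day_start + timedelta(hours=9, minutes=i), "bob", "wks-bob"))
        else:
            for i in range(40):                      # bob, scored day: 40 from his usual host
                events.append((day_start + timedelta(hours=9, minutes=i), "bob", "wks-bob"))
            for i in range(20):                      # ...plus 20 from a never-seen host at 02:00
                events.append((day_start + timedelta(hours=2, minutes=i), "bob", "srv-finance-01"))
    return events


def split_periods(events, now):
    baseline_start, scored_start = period_bounds(now)
    baseline = [e for e in events if baseline_start <= e[0] < scored_start]
    scored = [e for e in events if scored_start <= e[0] < now]
    return baseline, scored


def daily_counts(baseline, baseline_start):
    """Per-user list of per-day counts, zero-filled so quiet days lower the mean."""
    counts = defaultdict(lambda: [0] * BASELINE_DAYS)
    for ts, user, _host in baseline:
        counts[user][(ts - baseline_start).days] += 1
    return counts


def score_users(events, now):
    """Score every user seen in either period. A user with no baseline at all
    (a brand-new account) gets a flat zero history, so any activity scores as its
    raw count against MIN_STDDEV; that is a deliberate, documented edge case."""
    baseline, scored = split_periods(events, now)
    baseline_start, _ = period_bounds(now)
    history = daily_counts(baseline, baseline_start)
    known_hosts, scored_hosts = defaultdict(set), defaultdict(set)
    scored_count = defaultdict(int)
    for _ts, user, host in baseline:
        known_hosts[user].add(host)
    for _ts, user, host in scored:
        scored_count[user] += 1
        scored_hosts[user].add(host)
    results = {}
    for user in set(history) | set(scored_count):
        hist = history.get(user, [0] * BASELINE_DAYS)
        sigma = max(pstdev(hist), MIN_STDDEV)
        z = (scored_count[user] - mean(hist)) / sigma
        results[user] = {
            "score": round(z, 2),
            "new_hosts": sorted(scored_hosts[user] - known_hosts[user]),
        }
    return results


def top_anomalous(results, n=10):
    """Ranked hunting leads, highest score first. No threshold and no alarm:
    the analyst decides what to pull on."""
    return sorted(results, key=lambda u: results[u]["score"], reverse=True)[:n]


def demo_results():
    """Run the scoring over the constructed sample ending at NOW."""
    return score_users(build_sample_events(NOW), NOW)


if __name__ == "__main__":
    res = demo_results()
    for user in top_anomalous(res):
        print(f"{user:8} score={res[user]['score']:>7}  new_hosts={res[user]['new_hosts']}")
```

In the constructed data, alice's scored day matches her baseline exactly and scores 0.0, while bob's 60 logons against a 4-to-6-per-day baseline score far above any of his history and carry a new-host indicator; the ranked list puts bob first, which is the lead an analyst would pivot on in the SIEM. A real engine would score many more features than a daily count, but the period split and the "compare to the user's own history" structure is the part the page describes.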
Users access CloudAI through linked data in the LogRhythm Web Console. The CloudAI web interface includes the following features:
| Feature | Description |
|---|---|
| Breadcrumb navigation | Breadcrumbs appear in the upper-left corner of the page when you click a user name. Click the breadcrumbs to exit a drill-down view and return to a broader look at network users. |
| Search for users | In the Top Anomalous Users widget, type a user name in the Search usernames box. As you type, the search box suggests the names of CloudAI users; click a suggested name, or finish typing the name and then press Enter. Click the user name to display the Threat Event Timeline. In the Top Anomalous Events widget, click an event card to display the Threat Event Timeline for the user associated with that event. For more information, see the Threat Event Timeline topic. |
| Widgets | Widgets allow analysts to compare network users or drill down for more data on a single user. For more information, see the CloudAI Overview page. |