User and Entity Behavior Analytics
The User and Entity Behavior Analytics Module (UEBAM) is a collection of AI Engine rules designed to detect unusual or malicious user activity that is occurring within your organization.
The UEBA Module contains licensed content that is available only to customers with a valid subscription.
Module Revisions
The following table summarizes the changes that have been made since the last release (3.3) of the User and Entity Behavior Module.
AIE Rule ID | AIE Rule Name |
|---|---|
New | |
| 1598 | LogRhythm Intelligence and File (NGFW) Detection |
| 1599 | LogRhythm Intelligence and Location Watch List |
| 1600 | LogRhythm Intelligence and Recent User Location |
| 1601 | LogRhythm Intelligence and Sensitive Data (NGFW) Detection |
| 1602 | LogRhythm Intelligence and User Recently Added to a Privileged Group |
| 1603 | LogRhythm Intelligence and User related Security Classification Event:Impacted User |
| 1604 | LogRhythm Intelligence and User related Security Classification Event:Origin User |
| 1605 | LogRhythm Intelligence Multiple O365 Downloads |
| 1606 | LogRhythm Intelligence Multiple O365 Files Del:1st |
| 1607 | LogRhythm Intelligence Multiple O365 Files Del:2nd |
| 1608 | LogRhythm Intelligence New Host & User Pass Change |
| 1609 | LogRhythm Intelligence Threat Event |
| 1610 | LogRhythm Intelligence Threat Event and Identity Lists |
| 1611 | LogRhythm Intelligence User Score & Pass Modified |
| 1612 | LogRhythm Intelligence Multiple User Threat Events |
UEBA Module Contents