TrueIdentity
TrueIdentities in the Web Console represent a collection of identifiers, such as logins and email addresses, that comprise a single identity. For example, the identity Sarah Smith might have two associated logins (sarah.smith and sarah.smith.sup) and one associated email address (s.smith@gmail.com). With Identities, the following series of logs is united under the TrueIdentity Sarah Smith:
First Log Date | User (Origin) | User (Origin) Identity | Classification | Common Event | Priority |
---|---|---|---|---|---|
7/22/2017 21:33 | sarah.smith | Sarah Smith | Access Granted | Account Added to Group | 13 |
7/22/2017 21:07 | sarah.smith_sup | Sarah Smith | Access Failure | Access Object Failure | 21 |
7/22/2017 21:05 | sarah.smith | Sarah Smith | Access Granted | Account Added to Group | 10 |
7/22/2017 20:58 | s.smith@gmail.com | Sarah Smith | Authentication Failure | User Logon Failure: Bad Password | 19 |
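
The effect of this grouping on failure counts can be sketched in a few lines. This is an added example, not LogRhythm code: the identifier map, the `resolve`, `failures_per` and `timeline_by_identity` helpers and the `svc-backup` row are assumptions constructed for illustration, and the other rows are copied from the table above.

```python
from collections import defaultdict
from datetime import datetime

# Identifier -> identity map, built from the identifiers in the table above.
# Hypothetical stand-in for the mapping the product maintains.
IDENTITY_MAP = {
    "sarah.smith": "Sarah Smith",
    "sarah.smith_sup": "Sarah Smith",
    "s.smith@gmail.com": "Sarah Smith",
}

# (first log date, origin user, classification, priority)
LOGS = [
    ("7/22/2017 21:33", "sarah.smith", "Access Granted", 13),
    ("7/22/2017 21:07", "sarah.smith_sup", "Access Failure", 21),
    ("7/22/2017 21:05", "sarah.smith", "Access Granted", 10),
    ("7/22/2017 20:58", "s.smith@gmail.com", "Authentication Failure", 19),
    ("7/22/2017 20:50", "svc-backup", "Authentication Failure", 19),  # constructed row
]

def resolve(identifier):
    """Map a login or email address to its identity; unmapped values stay visible."""
    name = identifier.strip().lower()
    return IDENTITY_MAP.get(name, f"unmapped:{name}")

def failures_per(logs, key_fn):
    """Count failure-class events per key (raw identifier or resolved identity)."""
    counts = defaultdict(int)
    for _, user, classification, _ in logs:
        if classification.endswith("Failure"):
            counts[key_fn(user)] += 1
    return dict(counts)

def timeline_by_identity(logs):
    """Group events under their resolved identity, oldest first."""
    grouped = defaultdict(list)
    for ts, user, classification, priority in logs:
        when = datetime.strptime(ts, "%m/%d/%Y %H:%M")
        grouped[resolve(user)].append((when, user, classification, priority))
    for events in grouped.values():
        events.sort()
    return dict(grouped)

if __name__ == "__main__":
    print("per identifier:", failures_per(LOGS, lambda u: u))
    print("per identity:  ", failures_per(LOGS, resolve))
    for identity, events in timeline_by_identity(LOGS).items():
        print(identity)
        for when, user, classification, priority in events:
            print(f"  {when:%H:%M}  {user:<18} {classification} (priority {priority})")
```

Counted per identifier, each account shows a single failure; counted per identity, the two failures on different Sarah Smith identifiers appear as one sequence followed by successful group changes.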
To manage existing TrueIdentities and create new ones, see the TrueIdentity Sync Client User Guide.
If you have a multi-tenant environment, go to C:\Program Files\LogRhythm\LogRhythm Mediator Server\config, and set the EnableIdentityEntitySegregation parameter in the scmedsvr.ini to True. When configuring Active Directory (AD) synchronization, select the root entity of your Data Processor and Agent hosts that contains the logs and log sources you would like to monitor with CloudAI.
For more information, see the setting information in the Data Processor section of the SIEM Help and the UEBACAI documentation.
To access the TrueIdentity page, on the top navigation bar, click the Administration icon, and select TrueIdentity.