The LogRhythm User and Entity Behavior Analytics (UEBA) (formerly CloudAI) service provides visibility into insider threats, compromised accounts, and privilege abuse. TopX widgets that are configured to show User (Origin) and User (Impacted) data integrate with the LR UEBA user interface to provide behavioral profiling and peer group analytics data.
To use UEBA, you must purchase a license and grant permission through the Client Console. For more information, see the Client Console Administrator Guide.
If you do not have a LogRhythm UEBA license, you can still configure TopX widgets to show User (Origin) and User (Impacted) data, but you will not have the ability to access UEBA to obtain detailed information about the users shown in the widgets. Contact your Customer Relationship Manager to learn more or to sign up for this service. For more information, see LogRhythm UEBA.
To use UEBA, on the navigation bar, click UEBA. Alternatively:
- Select a user profile you want UEBA information on by doing one of the following:
- From a Top User widget, click the bar, line, or pie slice that represents the user you want more information on.
- On the lower-right side of the page, click the Logs tab. From the Analyzer grid, click a user name in the User (Origin) or User (Impacted) column.
- In the Inspector panel, scroll down to the UEBA section, if necessary, and then click Look Up.
- Enter your credentials, if necessary, and then click Login. UEBA opens to detailed information for the selected user. If the user cannot be found in your network, UEBA opens but no data is returned.
When you are in UEBA, you can drill down on the user's chart for further details or click Overview at the upper-left corner of the page to compare all users on the network. Any time range filters you have set in the Web Console are not applied in UEBA. The UEBA homepage provides an overview of anomalous users on your network based on data from the most recent Scored Period.