TrueIdentities need to be maintained periodically as new users are added, removed, or updated.
You must configure the "CloudAI: Monitored Identities list" to include all identities you want analyzed by LogRyhthm UEBA.
The Monitored Identities List should have less than or equal to the number of identities to be analyzed that were purchased. If the list exceeds the licensed limit, the entire list will be rejected.
This step is required following upgrade to 7.3.2.
Configure the Monitored Identities List (On-premises Installations)
For on-premises installations, configure the Monitored Identities List via the LogRhythm Web Console.
- Log in to the LogRhythm Web Console.
- On the right side of the top navigation bar, click the Administration icon, and then click Lists.
The Lists grid appears.
- Search for and select the CloudAI: Monitored Identities list from the Lists grid.
The Inspector panel opens on the right side of the page.
- Scroll to the bottom of the Inspector panel and click Contents.
The Contents section expands.
Enter new list entries manually, or browse the tabs of known values and select which items you want to add to the list. You can use the Control or Shift key to select multiple entries at once. For more information about item types available for each list type, see Lists in the Client Console.
In LogRhythm Enterprise 7.3.2, Entity Segregation does not apply to Identity lists. When adding or modifying Identity list items, any Identity can be selected, regardless of the Entity to which it is associated. Contact your Customer Relationship Manager if you use Entity Segregation and need further assistance.
Click Add to add the item. The Add button names vary depending on the type of entry being added.
For more information, see the Add List Items in the Web Console topic of the Web Console User Guide.
Configure the Monitored Identities List (LogRhythm Cloud)
In LogRhythm Cloud, configure the Monitored Identities List via the Client Console.
Access the Client Console
The LogRhythm Client Console is delivered via a solution called Cameyo. This solution provides an RDP-like experience through an HTTPS-secured HTML5 web app. Cameyo can be accessed at this URL: https://logrhythm.cameyo.com
Users log in to Cameyo using either an O365 or Google account.
The LR Cloud team must grant permissions to the O365 or Google account to enable access the customer's corresponding environment. After the LR Cloud team authenticates the account, the user can log in to Cameyo,
To access the Client Console:
- Log in to Cameyo using your authenticated O365 or Google account.
A tile appears.
- Click the tile.
The Client Console log in screen appears.
- Enter your Client Console credentials.
- On the main toolbar, click List Manager.
The Lists grid appears.
- Search for the CloudAI: Monitored Identities list from the Lists grid.
- Right-click the CloudAI: Monitored Identities row, and click Properties.
The List Properties dialog box appears.
- Click the List Items tab and add or remove items as needed.
- Click OK.