Getting Started in LogRhythm UEBA
CloudAI is now named LogRhythm UEBA.
However, both names are referenced in our documentation. While the product name is now LogRhythm UEBA, the user interface (UI) continues to reference CloudAI.
You must integrate LogRhythm UEBA (formerly CloudAI) with your LogRhythm deployment before you can access data. For technical assistance, contact LogRhythm Customer Support.
Set Up LogRhythm UEBA on Your LogRhythm Deployment
The steps required to set up and configure LogRhythm UEBA in your LogRhythm deployment are described in the following sections.
Within forty-eight hours of configuring LogRhythm UEBA, the Web Console widgets start to retrieve anomaly scores.
Request Access
Access to LogRhythm UEBA (CloudAI) is currently only available when you have a valid subscription. Contact your Customer Relationship Manager to learn more and sign up for this service.
Configure TrueIdentities
TrueIdentities must be configured for LogRhythm UEBA (CloudAI) to monitor.
For more information, see the LogRhythm Software Installation Guide and the Client Console Administrator Guide.
This step is required following upgrade to 7.4.0.
Configure the Monitored Identities List
LogRhythm UEBA uses the "CloudAI: Monitored Identities" list in your LogRhythm SIEM to know which identities it should analyze. Make sure this list includes all identities you want analyzed.
The Monitored Identities List should have less than or equal to the number of identities to be analyzed that were purchased. If the list exceeds the licensed limit, the entire list will be rejected.
This step is required following upgrade to 7.3.2.