Skip to main content
Skip table of contents

LogRhythm UEBA Offboarding Guide

CloudAI is now named LogRhythm UEBA.

However, both names are referenced in our documentation. While the product name is now LogRhythm UEBA, the user interface (UI) continues to reference CloudAI.

To disable LogRhythm UEBA (CloudAI) from your deployment, complete the following sections.

Remove Certificate

To remove the certificate:

  1. From the PM/XM node, go to your System Settings, and click Add or remove programs.
  2. Click LogRhythm DX – Cloud PKI Certificate, and then click Uninstall.

Disable CloudAI Configuration

  1. Open the LogRhythm Configuration Manager.
  2. On the left-side navigation menu, click CloudAI.
  3. In the Enable CloudAI field, change the value to false.
  4. Click Submit

Disable CloudAI Access

To disable CloudAI access for certain user profiles:

  1. Log in to the LogRhythm Client Console as a Global Administrator.
  2. On the main toolbar, click Deployment Manager.
  3. On the Tools menu, click Administration, and then click User Profile Manager
    The User Profile Manager window appears.
  4. Select a user profile, right-click the selection, and then click Properties.
  5. On the General tab, in the Allow section, uncheck CloudAI Access
  6. Click OK.

Access needs to be disabled for all user profiles with previous CloudAI access.

For more information, see the User Profile Manager topic in the NextGen SIEM Help.

Retire Log Sources

To retire CloudAI log sources:

  1. Log in to the LogRhythm Client Console as a Global Administrator. 
  2. On the main toolbar, click Deployment Manager.
  3. Click the Log Sources tab.
  4. Select the Log Source Type filter, type LogRhythm CloudAI, and click OK
  5. Click Search.
  6. Right- click and select Check All.
  7. Under Actions, select Retire.

Clear the CloudAI: Monitored Identities List

  1. Click the Administration icon in the top-right corner, and click Lists
    The Analyzer grid opens and Lists grid display. 
  2. Click the CloudAI:Monitored Identities list in the grid. 
    The Inspector panel opens. 
  3. Scroll to the Contents section and select all Identities in the list. To select multiple Identities, press and hold the Shift key. 
  4. Click Remove Selected.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close