Skip to main content
Skip table of contents

TrueIdentity in LogRhythm UEBA

CloudAI is now named LogRhythm UEBA.

However, both names are referenced in our documentation. While the product name is now LogRhythm UEBA, the user interface (UI) continues to reference CloudAI.

TrueIdentities in the Web Console represent a collection of identifiers, such as logins and email addresses, that comprise a single identity. For example, the identity Mary Moore might have two associated logins (mary.moore and mary.moore_sup) and one email address (mary.moore@recordflow.com) associated. With Identities, the following series of logs are united under the TrueIdentity Mary Moore:

First Log DateUser (Origin)User (Origin) IdentityClassificationCommon EventPriority
7/22/2017 21:33mary.mooreMary MooreAccess GrantedAccount Added to Group13
7/22/2017 21:07mary.moore_supMary MooreAccess FailureAccess Object Failure21
7/22/2017 21:05mary.mooreMary MooreAccess GrantedAccount Added to Group10
7/22/2017 20:58mary.moore@recordflow.comMary MooreAuthentication FailureUser Logon Failure: Bad Password19

To manage existing TrueIdentites, and create new TrueIdentities, see the TrueIdentity Sync Client User Guide.

If you have a multi-tenant environment, go to C:\Program Files\LogRhythm\LogRhythm Mediator Server\config, and set the EnableIdentityEntitySegregation parameter in the scmedsvr.ini to True. When configuring Active Directory (AD) synchronization, select the root entity of your Data Processor and Agent hosts that contains the logs and log sources you would like to monitor with CloudAI.

For more information, see the setting information in the Data Processor section of the Enterprise SIEM Help. and the UEBACAI documentation.

To access the TrueIdentity page, on the top navigation bar, click the Administration icon, and select TrueIdentity.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.