TrueIdentity in LogRhythm UEBA
CloudAI is now named LogRhythm UEBA.
However, both names are referenced in our documentation. While the product name is now LogRhythm UEBA, the user interface (UI) continues to reference CloudAI.
TrueIdentities in the Web Console represent a collection of identifiers, such as logins and email addresses, that comprise a single identity. For example, the identity Mary Moore might have two associated logins (mary.moore and mary.moore_sup) and one email address (mary.moore@recordflow.com) associated. With Identities, the following series of logs are united under the TrueIdentity Mary Moore:
| First Log Date | User (Origin) | User (Origin) Identity | Classification | Common Event | Priority |
|---|---|---|---|---|---|
| 7/22/2017 21:33 | mary.moore | Mary Moore | Access Granted | Account Added to Group | 13 |
| 7/22/2017 21:07 | mary.moore_sup | Mary Moore | Access Failure | Access Object Failure | 21 |
| 7/22/2017 21:05 | mary.moore | Mary Moore | Access Granted | Account Added to Group | 10 |
| 7/22/2017 20:58 | mary.moore@recordflow.com | Mary Moore | Authentication Failure | User Logon Failure: Bad Password | 19 |
To manage existing TrueIdentites, and create new TrueIdentities, see the TrueIdentity Sync Client User Guide.
If you have a multi-tenant environment, go to C:\Program Files\LogRhythm\LogRhythm Mediator Server\config, and set the EnableIdentityEntitySegregation parameter in the scmedsvr.ini to True. When configuring Active Directory (AD) synchronization, select the root entity of your Data Processor and Agent hosts that contains the logs and log sources you would like to monitor with CloudAI.
For more information, see the setting information in the Data Processor section of the Enterprise SIEM Help. and the UEBACAI documentation.
To access the TrueIdentity page, on the top navigation bar, click the Administration icon, and select TrueIdentity.