Skip to content

How to manage UEBA

UEBA Manager configures membership of users, assets, and events in related groups (UserGroup, AssetGroup, EventGroup) used for behavioral analytics and risk scoring.

To access the page, go to Settings > Management > UEBA Manager.

UEBA Manager

User groups

Create a group in Users Groups by clicking the add button: Add user group.

User group form

  • Name: Name that identifies the user group

  • Details: Additional details about the group

Click Save to create the user group, or Cancel to discard.

The Users Groups view lists existing groups and provides options to edit, update, or delete:

User groups list

Users

Assign users to UEBA user groups.

Users tab

To add a user, click the add button: Add user.

User form

  • Name: Name that identifies the user

  • Details: Additional details about the user

  • Group for selected user: Group to which the user belongs

Click Save to create or update the user entry, or Cancel to discard.

The Users view lists configured users and provides options to edit, update, or delete:

Users list

Asset groups

Create a group in Assets Groups by clicking the add button: Add asset group.

Asset group form

  • Name: Name that identifies the asset group

  • Details: Additional details about the group

Click Save to create the asset group, or Cancel to discard.

The Assets Groups view lists existing groups and provides options to edit, update, or delete:

Asset groups list

Assets

Assign assets to UEBA asset groups.

Assets tab

To add an asset, click the add button: Add asset.

Asset form

  • Name: Name that identifies the asset

  • Details: Additional details about the asset

  • Group for selected asset: Group to which the asset belongs

Click Save to create or update the asset entry, or Cancel to discard.

The Assets view lists configured assets and provides options to edit, update, or delete:

Assets list

Event groups

Create a group in Events Groups by clicking the add button: Add event group.

Event group form

  • Name: Name that identifies the event group

  • Details: Additional details about the group

Click Save to create the event group, or Cancel to discard.

The Events Groups view lists existing groups and provides options to edit, update, or delete:

Event groups list

Events

Assign events to UEBA event groups.

Events tab

To add an event, click the add button: Add event.

Event form

  • Name: Name that identifies the event

  • Details: Additional details about the event

  • Group for selected event: Group to which the event belongs

Click Save to create or update the event entry, or Cancel to discard.

The Events view lists configured events and provides options to edit, update, or delete:

Events list

Patterns list

Define patterns that determine the risk factor associated with each event. To add a pattern, click the add button: Add pattern.

Pattern form

  • Name: Name that identifies the pattern

  • Details: Additional details about the pattern

  • Group for user: User group to which the pattern applies (from Users Groups)

  • Group for asset: Asset group to which the pattern applies (from Assets Groups)

  • Group for event: Event group to which the pattern applies (from Events Groups)

  • Risk score: Risk score from 0 to 100 associated with the pattern

The Patterns view lists configured patterns and provides options to edit, update, or delete:

Patterns list