The UEBA dashboard displays the events analyzed and the number of anomalies detected. The entity types are users, servers, shares, and websites. The displayed entity types can vary depending upon the analytics output. You can also drill down on the risky entities, search the information specific to each anomaly and explore the raw log events for further threat analysis. Everyday UEBA runs analytics and updates information displayed in the overview.
While providing output, UEBA analytics also considers entities not included in the UEBA license such as websites, servers, and shares. This means the number of entities in the output can be greater than the number of licensed entities.
UEBA Page¶
To access UEBA, click the UEBA icon in the navigation bar. You need to enable UEBA to see it in the navigation bar. Go to Enabling UEBA for details.
UEBA contains the following major components: