LogPoint UEBA, short for LogPoint User and Entity Behavior Analytics, is a security solution that helps you detect cyberattacks before they become a threat to your organization. It helps you manage potential breaches efficiently and provides the tools to analyze the detected anomalies.
Using unsupervised machine learning, LogPoint UEBA observes the behavior of each user and entity in the network to build baselines of normal behavior; actions are then evaluated against these baselines. To set a proper baseline, UEBA requires a minimum of 30 days of historical data. If you want to enable UEBA today, you need appropriately normalized and enriched input logs covering at least the past 30 days. LogPoint provides the UEBA PreConfiguration Plugin for easy configuration of the enrichment sources and the enrichment policy. Refer to the UEBA PreConfiguration Plugin Guide for details on preparing your input logs.
LogPoint UEBA uses behavior analysis instead of predefined rules and signatures to decide what is abnormal. This ensures that the system flags only behavior that deviates from the learned baseline, which reduces false positives.
For example, if a predefined rule is set to trigger an alert whenever a user accesses more than 300 GB of data, it fires on any data usage over 300 GB. Suppose, however, that a user, Bob, needs to access more than 300 GB of data on average as part of his job. The rule still fires, creating a false positive. LogPoint UEBA avoids this false positive by learning that accessing 300 GB of data is usual for Bob. It records this as the baseline for Bob's behavior and fires an alert only when his behavior starts deviating from that baseline.
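As an added illustration (not LogPoint code), the following Python contrasts the fixed 300 GB rule with a per-user baseline built from 30 days of constructed history. The z-score cutoff and the standard-deviation floor are assumptions, since the page does not describe LogPoint's scoring.

```python
# Constructed illustration of the page's point: a fixed 300 GB rule versus a
# per-user baseline. The z-score cutoff and the 1 GB sigma floor are assumptions;
# LogPoint's actual scoring is not described in the text.
from statistics import mean, pstdev

STATIC_THRESHOLD_GB = 300   # the predefined rule from the example
BASELINE_DAYS = 30          # minimum history UEBA needs before scoring
Z_CUTOFF = 3.0              # assumed deviation cutoff (not LogPoint's value)


def static_rule(observed_gb):
    """Predefined rule: fire whenever one day's access exceeds 300 GB."""
    return observed_gb > STATIC_THRESHOLD_GB


def baseline_rule(history_gb, observed_gb):
    """Fire only when today's volume deviates from this user's own history."""
    if len(history_gb) < BASELINE_DAYS:
        raise ValueError(f"need {BASELINE_DAYS} days of history, got {len(history_gb)}")
    mu = mean(history_gb)
    sigma = max(pstdev(history_gb), 1.0)  # floor avoids dividing by ~0 on flat users
    return (observed_gb - mu) / sigma > Z_CUTOFF


def evaluate(users):
    """users: {name: (daily_history_gb, todays_gb)} -> {name: {"static": bool, "baseline": bool}}."""
    return {
        name: {"static": static_rule(today), "baseline": baseline_rule(hist, today)}
        for name, (hist, today) in users.items()
    }


# Constructed 30-day histories (deterministic, not real telemetry).
BOB_HISTORY = [340, 360] * 15     # Bob routinely moves ~350 GB/day: mean 350, stdev 10
ALICE_HISTORY = [18, 22] * 15     # Alice moves ~20 GB/day: mean 20, stdev 2

if __name__ == "__main__":
    verdicts = evaluate({
        "bob": (BOB_HISTORY, 355),         # an ordinary day for Bob
        "bob_spike": (BOB_HISTORY, 700),   # Bob doubles his usual volume
        "alice": (ALICE_HISTORY, 120),     # Alice moves 6x her norm, still under 300 GB
    })
    for name, v in verdicts.items():
        print(f"{name:10} static={v['static']!s:5} baseline={v['baseline']}")
```

The static rule fires on Bob every ordinary day and never on Alice, while the baseline rule is silent on Bob's normal day but catches both his spike and Alice's unusual volume.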
This guide provides the information that you need to configure and use the components of UEBA. It helps you understand and perform the following tasks:
Configure the necessary settings for LogPoint UEBA. Refer to the UEBA Board section for details.
Understand the LogPoint UEBA analytics and use the UEBA dashboard. Refer to the UEBA Overview section for details.
Use the UEBA alert rules and alert packages. Refer to the About UEBA Alerts section for details.
Understand how UEBA detects threats in an organization through a real case scenario. Refer to the A Case Scenario section for details.
Note: LogPoint UEBA is referred to as UEBA in this guide.