Version:

Data Privacy Module in UEBA

The Data Privacy Module lets you encrypt entities in UEBA and directly explore encrypted raw events using the Explore Raw Events option.

Configuring the Data Privacy Module in UEBA

  1. Go to Settings >> System >> System Settings.

  2. Select the Data Privacy Module tab.

  3. Enable Data Privacy Module.

  4. Select an Encryption Scheme.

  5. Enter the Fields you want to encrypt and click Add. If you want to encrypt the user, website, share, server, resource, ip, or machine fields, you must also add the following fields:

    • userPrincipalName

    • sAMAccountName

    • entityName

    • alert

    • searchQuery

    • templates_info

    • share_path

    • object_name

    • host

    • domain

    • source_address

    • destination_address

    • source_machine_id

    • destination_machine_id

    • mail

    • sender

    • SI_USER

  6. Click Save.

While exploring raw events, the lookup process command does not enrich risk scores in the raw events.

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support