UEBA shows the statistics of the current threats and lets you analyze them in detail.
You can see the number of events analyzed by the system and the number of anomalies detected in your organization. The supported entity types are users, servers, shares, and websites. The displayed entity types can vary depending upon the analytics output. You can also drill down on the risky entities, search the information specific to each anomaly and explore the raw log events for further threat analysis. Everyday UEBA runs analytics and updates information on the page.
While providing output , UEBA analytics also considers entities not included in the UEBA license such as websites, servers, and shares. This means the number of entities in the output can be greater than the number of licensed entities.
UEBA Page¶
To access UEBA, click the UEBA icon in the navigation bar. You need to enable UEBA to see it in the navigation bar. See Enabling UEBA for details.
UEBA contains the following major components:
Overall Risk
Matrix of Anomalies
Entity Overview
Anomalies