Going Back to the UEBA Page from the Raw Event Logs

  1. Click on an entity tab in the UEBA page.

  2. You can explore raw events in two ways:

    1. Hover over the More (kebab) menu and click Explore Raw Events.

    ../_images/UEBA_Page_Explore_Raw_Events.png

    Exploring Raw Events From the More Menu

    2. Click the Expand (plus) button of an anomaly and click Explore Raw Events.

    ../_images/UEBA_Page_Explore_Raw_Events_Anomaliespanel.png

    Exploring Raw Events From the Expand Button

  3. Click Explore in UEBA to get more details on any of the following fields:

    • user

    • userPrincipleName

    • sAMAccountName

    • host

    • share_path

    • destination_address

    • server

    • share

    • website

    • domain

    • resources

    • source_address

    • SI_USER

../_images/UEBA_Dashboard_Drilldown_Explore_in_UEBA.png

Expand the UEBA Field

You are redirected to the UEBA page with the value of the field applied as the filter. If the start_ts and end_ts fields are present in the event logs, UEBA applies the time range filter according to the values of these fields. Otherwise, UEBA applies a time range filter of seven days from the date UEBA ran the analytics.

../_images/UEBA_Dashboard_Drilldown_Redirect_to_Dashboard.png

Going Back to the UEBA Page

