Skip to content

How to manage Ueba

How to manage UEBA

UEBA Manager function allows you to set the membership of users, assets and events to their related groups (AssetGroup, UserGroup, EventGroup) :

To access the page, go to Settings > Management > UEBA Manager, and will open:

Users Groups

You need to create a group, in Users Groups, by pressing Alt Image button, and the page will open:

Name: In this field, type a name that identifies the newly created user group.

Details: Type a detail about the created user group.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Users Groups interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Users

You have to set the user's membership in the corresponding group.

To add user, press Alt Imagebutton, and the page will open:

Name: In this field, type a name that identifies the newly created user.

Details: Type a detail about the created user.

Group for selected user: Choose from the list the group you want the user to belong to.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Users interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Assets Groups

You need to create a group, in Assets Groups, by pressing Alt Image button, and the page will open:

Name: In this field, type a name that identifies the newly created asset group.

Details: Type a detail about the created asset group.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Assets Groups interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Assets

You have to set the asset's membership in the corresponding group.

To add asset, press button, and the page will open:

Name: In this field, type a name that identifies the newly created asset.

Details: Type a detail about the created asset.

Group for selected asset: Choose from the drop-down list the group you want the asset to belong to.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Assets interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Events Groups

You need to create a group, in Events Groups, by pressing Alt Image button, and the page will open:

Name: In this field, type a name that identifies the newly created event group.

Details: Type a detail about the created event group.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Events Groups interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Events

You have to set the event's membership in the corresponding group.

To add asset, press button, and the page will open:

Name: In this field, type a name that identifies the newly created event.

Details: Type a detail about the created event.

Group for selected asset: Choose from the drop-down list the group you want the event to belong to.

Click the "Save" button to confirm the creation of your user group or you can cancel by pressing the "Cancel" button.

In Events interface, you will see the group that you created, and in this page you have options for edit and delete and update:

Patterns List

You have to define the patterns based on which the Risk factor associated with each event is determined. To add a pattern, click on button:

Name: In this field, type a name that identifies the newly created pattern.

Details: Type a detail about the created pattern.

Group for user: Choose from the list the group for user, which you already created in Users Groups.

Group for asset: Choose from the list the group for asset, which you already created in Assets Groups.

Group for event: Choose from the list the group for event, which you already created in Events Groups.

Risk score: You can give a risk score for this pattern, from 0 to 100.

In Events interface, you will see the group that you created, and in this page you have options for edit and delete and update: