
User analytics

The user analytics data in Incident Workbench incorporates UEBA from the Log360 suite. UEBA must be purchased to get behaviour analytics and risk score trends for users.

  1. Check the Access page to learn how to invoke Incident Workbench from different dashboards of EventLog Analyzer.
  2. To get user analytics, you can click on any of the following fields that uniquely identify a user:
    • Username
    • Target User
    • VPN UserName
    • User Principal Name
    • Destination User
    • Sourceuser
    • Subject Username

The following data will be available in the user analytics section of the Incident Workbench:

User Risk analysis

View the Risk Score Trend, Peak Risk Score and the Cards Based Peak Risk Score for insider threat and data exfiltration. Click on the Calendar icon and set the required period.


Other than the risk score analysis, the following messages will be displayed for the specific cases:

  • UEBA not purchased


  • Baseline creation is in progress as the model is training


  • The particular user has no anomalies


User Activity Overview

Note: User activity overview does not require UEBA

The User Activity Overview contains the following widgets:

  • User Account Management: Tracks create, modify, and delete actions related to the user account.
  • Device Severity Events: Consolidates the device severity events for the devices accessed by the user.
  • Active Sessions Overview: Shows the list of active sessions on different devices and their duration.
  • Software Installations and Updates: Lists the software installed, uninstalled and updated by the user during the selected period.
  • Top 5 File Integrity Monitoring Events: Tracks events related to file creation, deletion, modification and access.
  • Process Tracking: Tracks process creation and termination activities.


User Details

Note: User details doesn't require UEBA

This section fetches Active Directory object details such as:

  • User Details
  • Contact Details
  • Terminal Server Details
  • Account Details
  • Object Details


Note: Minimize the tab to access the Incident Workbench while you traverse through different pages in EventLog Analyzer. As long as you don't close the workbench, the analysis will be available even if you log out of EventLog Analyzer and log in again. You can also save it to an existing incident or create a new one.

Copyright © 2020, ZOHO Corp. All Rights Reserved.
