Help Document

Configuring Log360 UEBA with a service account

It is recommended to use an account with Domain Admin privileges to configure Log360 UEBA. In cases where your organization's policies restrict the usage of Domain Admin accounts, you can assign a user or service account with the least privileges that are required for the functioning of Log360 UEBA. This account can then be used for configuring the domain settings in Log360 UEBA.

Permissions required by the service account to sync domain objects with Log360 UEBA

Provide the service account with the following permissions on the Domain, DomainDNSZones, ForestDNSZones, configuration, and schema partitions.

  1. Open Start -> ADSI Edit.
  2. Click Action -> Settings.
  3. In the Connection Settings dialog box, enter the Distinguished Name of the Domain Partition and click OK.
  4. Right-click the Domain in the left pane and click Properties.
  5. In the dialog box that appears, select the service account from the Group or user names field. In the Permissions section, select the check boxes against Replicating Directory Changes, Replicating Directory Changes All, and Read, and click Apply.
  6. Now that the user account has been provided with all permissions relating to the domain partition, click Action -> Settings in ADSI Edit.
  7. Add the DomainDNSZones, ForestDNSZones, configuration, and schema partitions to ADSI Edit and repeat the steps above to provide the account with all the required permissions.
  8. With these permissions in place, the user account can be used to configure the domain in Log360 UEBA.

Note: To ensure proper photo sync when using a non-admin user, make sure that the user has all the necessary permissions mentioned in the above steps. If the issue persists, delete the current configuration and reconfigure it.
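
To confirm the result of the steps above, the following added example (not ManageEngine's code) reads the ACL on each of the five partitions and reports whether the service account holds the three permissions, and who else holds Replicating Directory Changes All, a right that lets its holder replicate secret attributes such as password hashes and is therefore worth auditing. It assumes the RSAT ActiveDirectory module is installed; `CORP\svc-ueba` is a placeholder account name.

```powershell
# Added example: audit the permissions granted in the ADSI Edit procedure.
# Assumption: RSAT ActiveDirectory module is available on this host.
Import-Module ActiveDirectory

$Account = 'CORP\svc-ueba'   # placeholder: replace with your service account

# rightsGuid values of the two replication control access rights
$Rights = [ordered]@{
    'Replicating Directory Changes'     = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All' = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
}

# The five partitions named in the procedure, resolved from the RootDSE
$root = Get-ADRootDSE
$partitions = @(
    $root.defaultNamingContext
    "DC=DomainDnsZones,$($root.defaultNamingContext)"
    "DC=ForestDnsZones,$($root.rootDomainNamingContext)"
    $root.configurationNamingContext
    $root.schemaNamingContext
)

$read     = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

foreach ($dn in $partitions) {
    $allow = (Get-Acl -Path "AD:\$dn").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }
    # Only ACEs that name the account directly are checked here; rights
    # inherited through group membership or GenericAll are not resolved.
    $mine = $allow | Where-Object { $_.IdentityReference.Value -eq $Account }

    $row = [ordered]@{ Partition = $dn }
    foreach ($name in $Rights.Keys) {
        $row[$name] = [bool]($mine | Where-Object {
            ($_.ActiveDirectoryRights -band $extended) -and
            $_.ObjectType -eq $Rights[$name] })
    }
    $row['Read'] = [bool]($mine | Where-Object {
        ($_.ActiveDirectoryRights -band $read) -eq $read })

    # Every principal with "Replicating Directory Changes All" on this partition
    $row['ChangesAllHolders'] = ($allow | Where-Object {
            ($_.ActiveDirectoryRights -band $extended) -and
            $_.ObjectType -eq $Rights['Replicating Directory Changes All'] } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique) -join '; '

    [pscustomobject]$row
}
```

A `False` in any of the three permission columns identifies the partition where step 5 still has to be repeated; unexpected names in `ChangesAllHolders` are candidates for review.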