??? pgHead ???

Frequently asked questions
Log360 UEBA

  • General
  • Pricing and licensing
  • Installation
  • Updates
  • Connectivity
  • Services
  • Log collection
  • Demos
  • Support

General

What is UEBA?

UEBA, or user and entity behavior analytics, is an anomaly detection component powered by machine learning (ML) that integrates with Log360 as an add-on. UEBA helps identify, qualify, and investigate internal threats. Its core capabilities include anomaly detection, score-based risk assessment, peer group analysis, and alerting.

Why UEBA?

Here are a few benefits of using UEBA.

  • UEBA-enabled threat detection reduces the number of false positives and false negatives by comparing the actions of each user and entity to their corresponding baseline or "threshold of expected activity."
  • A UEBA solution can detect long-term malicious lateral movements more effectively than SIEM solutions with the help of risk scoring.
  • UEBA uses the power of ML algorithms to learn and establish a normal profile for each user and entity in an environment. That way, IT admins won't have to rely on manual methods for developing thresholds or writing correlation rules to identify threats. The UEBA solution will detect threats based on deviations in the behavior of users and entities.

Can UEBA work with different parent components?

Log360 UEBA is an add-on of Log360 and can work in combination with ADAudit Plus, EventLog Analyzer, and Cloud Security Plus within Log360. It can also work with PAM360 to detect privilege misuse.

Can UEBA work separately?

No. Please note that UEBA is an add-on component and can work only with a parent component such as Log360 or PAM360 installed.

How does Log360 UEBA differ from UBA in ADAudit Plus?

ADAudit Plus' user entity behavior (UBA) functionality includes real-time change auditing and user behavior analytics that help keep your Active Directory, file server, member servers, and workstations secure and compliant.

Log360 UEBA, when combined with ADAudit Plus, offers additional capabilities for identifying threats and anomalies in entity behavior, in addition to user behavior, using risk scoring based on seasonality and peer grouping. Log360 UEBA collects data across EventLog Analyzer, ADAuditPlus, and Cloud Security Plus to generate more comprehensive reports and a consolidated dashboard. UEBA's capabilities to detect anomalies make it more effective against external threats and zero-day attacks.

Pricing and licensing

How is UEBA licensed?

UEBA is licensed as an add-on component when purchasing a Log360 or PAM360 license.

Can I purchase the UEBA add-on if I have already purchased Log360?

Yes. The UEBA add-on can be purchased separately after purchasing Log360 or PAM360 by contacting our sales team.

Is there a trial version available for UEBA?

Yes. If you are not currently a Log360 user, you can try UEBA by downloading the trial version of Log360 here. The trial version is fully functional and free for 30 days, and will automatically be converted to the Free edition after the evaluation period. In the Free edition, UEBA will no longer collect data but reports generated during the trial period will continue to be available. If you are already a Log360 user and want to evaluate UEBA, you can contact sales to get your evaluator license.

Is there a trial license available for Log360?

Yes, download the fully functional 30-day trial version here. The 30-day free trial version will automatically be converted to the Free edition after the evaluation period.

What is the difference between Free and Standard edition?

In the Standard edition, UEBA collects logs from all relevant sources and generates real-time reports. In the Free edition, no data is collected, and reports are only available if they were generated while using the Standard edition.

Installation

How do I install UEBA?

Log360 UEBA has to be downloaded as an individual component. You can find the download link on the Log360 Add-ons page here.

How do I configure UEBA after installing it?

After downloading and installing, in the Log360 console, go to Admin > Administration > Log360 Integration > Log360 UEBA and configure the appropriate settings to complete the integration.

Steps to configure Log360 UEBA with PAM360:

In the PAM360 console, navigate to Admin > Integration > ManageEngine. You will see a consolidated view of all ManageEngine products integrated with PAM360. Under ManageEngine Log360 UEBA, click Enable and configure the appropriate settings to complete the integration.

Updates

Will UEBA update automatically?

No, you need to update the UEBA component with the most recent service pack manually.

Note: From release 4042 onward, the update will happen automatically.

Will updating Log360 update the UEBA module as well?

No, UEBA will not be updated when you update Log360. You need to update UEBA with the respective service pack separately.

Connectivity

Which web browsers are supported by UEBA?

ManageEngine Log360 requires one of the following browsers to be installed on the system to access the Log360 UEBA web client.

  • Internet Explorer 9 and above
  • Firefox 4 and above
  • Chrome 10 and above
  • Safari 5 and above

Services

Which databases are supported by UEBA?

Log360 UEBA supports the following databases:

      Bundled with the product:

    • PostgreSQL

      External databases:

    • Microsoft SQL Server 2000
    • Microsoft SQL Server 2005
    • Microsoft SQL Server 2008
    • Microsoft SQL Server 2012
    • Microsoft SQL Server 2017

Click here for the complete list of system requirements for installing and working with Log360UEBA.

Log collection

What are the various log sources supported by UEBA?

Log360 UEBA supports logs from Windows and Linux devices, cloud sources, SQL servers, and network and firewall devices.

Demos

Is there an online demo available?

Yes. You can access the UEBA online demo here.

Can I get a personalized demo?

Yes. Please register here to get a personalized demo from our product experts.

Support

How do I contact the Log360 support team?

If you need technical assistance, you can contact our support team by filling out this form.

You can also contact us at:
Toll-free numbers: US: +1 844 649 7766
UK: 0800 028 6590
AUS: 1800 631 268
CN: +86 400 660 8680
Intl: +1 925 924 9500
Direct dialing number US: +1 408 352 9254
Email: support@log360.com

Can I make a suggestion for a new feature?

Yes, fill this form to make a suggestion for a new feature you would like to see in our future releases of Log360UEBA.

Didn't see your question above? You can email us at support@log360.com or reach out to us on our community where you can find other frequently asked questions along with use cases, resources, and information about our latest releases and features.

Note: Access help documents for UEBA here.