Frequently asked questions
Log360 UEBA

Here are a few benefits of using UEBA.

• UEBA-enabled threat detection reduces the number of false positives and false negatives by comparing the actions of each user and entity to their corresponding baseline or "threshold of expected activity."
• A UEBA solution can detect long-term malicious lateral movements more effectively than SIEM solutions with the help of risk scoring.
• UEBA uses the power of ML algorithms to learn and establish a normal profile for each user and entity in an environment. That way, IT admins won't have to rely on manual methods for developing thresholds or writing correlation rules to identify threats. The UEBA solution will detect threats based on deviations in the behavior of users and entities.

Log360 UEBA is an add-on of Log360 and can work in combination with ADAudit Plus, EventLog Analyzer, and Cloud Security Plus within Log360. It can also work with PAM360 to detect privilege misuse.

No. Please note that UEBA is an add-on component and can work only with a parent component such as Log360 or PAM360 installed.

ADAudit Plus' user entity behavior (UBA) functionality includes real-time change auditing and user behavior analytics that help keep your Active Directory, file server, member servers, and workstations secure and compliant.

Log360 UEBA, when combined with ADAudit Plus, offers additional capabilities for identifying threats and anomalies in entity behavior, in addition to user behavior, using risk scoring based on seasonality and peer grouping. Log360 UEBA collects data across EventLog Analyzer, ADAuditPlus, and Cloud Security Plus to generate more comprehensive reports and a consolidated dashboard. UEBA's capabilities to detect anomalies make it more effective against external threats and zero-day attacks.

UEBA is licensed as an add-on component when purchasing a Log360 or PAM360 license.

Yes. The UEBA add-on can be purchased separately after purchasing Log360 or PAM360 by contacting our sales team.

Yes. If you are not currently a Log360 user, you can try UEBA by downloading the trial version of Log360 here. The trial version is fully functional and free for 30 days, and will automatically be converted to the Free edition after the evaluation period. In the Free edition, UEBA will no longer collect data but reports generated during the trial period will continue to be available. If you are already a Log360 user and want to evaluate UEBA, you can contact sales to get your evaluator license.

Yes, download the fully functional 30-day trial version here. The 30-day free trial version will automatically be converted to the Free edition after the evaluation period.

In the Standard edition, UEBA collects logs from all relevant sources and generates real-time reports. In the Free edition, no data is collected, and reports are only available if they were generated while using the Standard edition.

Log360 UEBA has to be downloaded as an individual component. You can find the download link on the Log360 Add-ons page here.

After downloading and installing, in the Log360 console, go to Admin > Administration > Log360 Integration > Log360 UEBA and configure the appropriate settings to complete the integration.

Steps to configure Log360 UEBA with PAM360:

In the PAM360 console, navigate to Admin > Integration > ManageEngine. You will see a consolidated view of all ManageEngine products integrated with PAM360. Under ManageEngine Log360 UEBA, click Enable and configure the appropriate settings to complete the integration.

No, you need to update the UEBA component with the most recent service pack manually.

Note: From release 4042 onward, the update will happen automatically.

No, UEBA will not be updated when you update Log360. You need to update UEBA with the respective service pack separately.

ManageEngine Log360 requires one of the following browsers to be installed on the system to access the Log360 UEBA web client.

• Internet Explorer 9 and above
• Firefox 4 and above
• Chrome 10 and above
• Safari 5 and above

Log360 UEBA supports the following databases:

Bundled with the product:

• PostgreSQL

External databases:

• Microsoft SQL Server 2000
• Microsoft SQL Server 2005
• Microsoft SQL Server 2008
• Microsoft SQL Server 2012
• Microsoft SQL Server 2017

Click here for the complete list of system requirements for installing and working with Log360UEBA.

Log360 UEBA supports logs from Windows and Linux devices, cloud sources, SQL servers, and network and firewall devices.

Yes. You can access the UEBA online demo here.

Yes. Please register here to get a personalized demo from our product experts.

If you need technical assistance, you can contact our support team by filling out this form.

Yes, fill this form to make a suggestion for a new feature you would like to see in our future releases of Log360UEBA.