General Settings
Business Hours
Use this setting to specify business hours in your organization. Activity happening outside this time frame will be flagged.
- Navigate to Settings → Business Hours and enable the Configure Business Hours option.
- Use the drop-down to determine the start and end of the working day.
- Select the working days from the drop-down.
- Click Save.
Personalize Settings
Personalize settings enable you to customize the product according to your preferences.
- Navigate to Settings → Personalize Settings.
- Select the desired date/time format using the drop-down.
- Customize product display by setting the logo, title and favicon.
- Select the domains to be displayed on the login page so that users can log in to their preferred domain easily.
Product Settings
Product Settings let you set the options required to run the product. The following settings can be configured under Product Settings.
Privacy Settings
- Navigate to Settings → Privacy Settings.
- Enable the Enforce GDPR Compliance option if you are required to comply with the GDPR. Enabling this option will increase your privacy by masking your IP, email addresses, etc.
- Select the Help us improve the product by sending usage statistics option if you would like to share your usage statistics.
- Select the Enable password protection option for redistributed and exported reports if you would like to password protect the reports sent via email or exported in PDF, XLS and CSV formats.
- Enter and confirm the password.
- Enable the Data Masking option if you would like to mask users' identities from auditors. Enabling this option will help maintain the privacy of users and other entities in the network.
- You have the option to mask the identity of Entity, User, Host, Domain, IP address, etc. Make your selection in the drop-down.
- To the auditor, the masked data will appear as a random code.
- You can use the Resolve Auditor View's Masked Data option to supply the masked value and get back the original identity of the user, host, domain, IP address, etc.
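The masking behaviour described above (a random code shown to the auditor, with a separate resolve step that returns the original identity) can be illustrated with a small reversible pseudonymization vault. This is an added example, not Log360 UEBA code; the class, the field names, the `admin` role check and the sample events are all assumptions made for illustration.

```python
import secrets


class MaskingVault:
    """Replaces selected fields with random codes and keeps the mapping."""

    def __init__(self, masked_fields):
        self.masked_fields = set(masked_fields)
        self._forward = {}  # (field, value) -> code
        self._reverse = {}  # code -> (field, value)

    def mask(self, field, value):
        # The same identity always maps to the same code, so an auditor can
        # still correlate events without learning who the entity is.
        key = (field, value)
        if key not in self._forward:
            code = secrets.token_hex(8)
            while code in self._reverse:  # regenerate on the rare collision
                code = secrets.token_hex(8)
            self._forward[key] = code
            self._reverse[code] = key
        return self._forward[key]

    def auditor_view(self, record):
        """Return a copy of the record with the selected fields masked."""
        return {f: self.mask(f, v) if f in self.masked_fields else v
                for f, v in record.items()}

    def resolve(self, code, role):
        # Assumption: only a hypothetical "admin" role may unmask a code.
        if role != "admin":
            raise PermissionError("role may not resolve masked data")
        return self._reverse[code]


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "10.0.0.5", "action": "logon"},
    {"user": "bob", "ip": "10.0.0.9", "action": "file_delete"},
    {"user": "alice", "ip": "10.0.0.5", "action": "logoff"},
]
```

Because the code is random rather than derived from the identity, it cannot be reversed by guessing and hashing candidate user names; the mapping itself is the only way back and is what needs protecting.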
Server Diagnostics
Administrators can review information about the general health, setup, memory, installation and disk space details of Log360 UEBA. This will ensure that the product is working at the optimal level.
To view all of these details:
- Navigate to Settings → Server Diagnostics.
- Go to the Server Diagnostics tab.
- Here, you can view:
  - Details about health
  - System information
  - JVM Memory Information
  - Installation Information
- You can refresh the information by clicking on the Refresh icon.
You can perform a Disk Space Analysis by:
- Navigating to the Disk Space Analysis tab.
- Here you will see disk storage information about your MSSQL database, Elasticsearch, Installation Directory, and Installation Drive.
- You can hit the Refresh icon to obtain up-to-date information.
Technicians
- Navigate to Settings → Technicians.
- Click Add New Technician.
- Enter a Domain name and password, re-enter the password, and select the role you wish to assign to the technician.
- Click Add.
Note:
Domain administrators as well as local technicians (technicians assigned through the product) can be categorized under separate sections in the Technicians home page.
You also have the option to choose an Active Directory group, and set all users within it as Technicians.
Domain Settings
Follow the steps below to add users from a domain for monitoring.
- Navigate to Settings → Domain Settings.
- Click Configure Domain. Enter the Domain name, Domain Controller name, Username, and Password, and set the Sync Scheduler. The Sync Scheduler value determines when the product retrieves domain user data to check for updates. By default, the product does this at 02.00 hrs every day.
- Click Save. Once the domain is added, users from the domain are automatically imported for monitoring.
You can also add users or Active Directory groups to a watchlist from this tab. To choose specific users to be added to the watchlist, go to the Users menu and select the users.
If you wish to add Active Directory groups, you can do that by navigating to the Groups menu. If you add an AD group to your watchlist, all the users belonging to that group will be added to the watchlist.
Risk Score Customization
You can customize the risk score based on the category, weight and decay factor of the anomaly.
Weight
This value denotes the importance of an anomaly based on its type and the user. This value can be customized.
Decay factor
This value denotes the reduction in the value of recorded anomaly information with time. The information loses its credibility if it isn't used properly.
You can add new card groups or remove existing cards based on the requirements of the organization.
- Navigate to Settings → Risk Score Customization.
- Enter the required weight and decay factor values. You can add child groups to the cards and specify the anomalies to be included in them. You can also specify their weight and decay factor values.
- Click Update.
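To see how weight and decay factor interact when tuning these values, the following added example models a user's score as the sum of time-decayed anomaly weights. It is not the product's scoring formula, which this page does not give: the exponential per-day decay, the category names and the numeric settings are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CardSetting:
    weight: float        # importance of this anomaly type
    decay_factor: float  # assumed: fraction of value lost per day, 0 <= d < 1


# Constructed settings; the category names are placeholders.
SETTINGS = {
    "logon_anomaly": CardSetting(weight=10.0, decay_factor=0.5),
    "file_anomaly": CardSetting(weight=4.0, decay_factor=0.0),
}


def contribution(category, seen_at, now, settings=SETTINGS):
    """Current value of one recorded anomaly under the assumed decay model."""
    s = settings[category]
    if not 0.0 <= s.decay_factor < 1.0:
        raise ValueError("decay_factor must be in [0, 1)")
    # Clamp future timestamps (clock skew) so they never inflate the score.
    age_days = max((now - seen_at) / timedelta(days=1), 0.0)
    return s.weight * (1.0 - s.decay_factor) ** age_days


def risk_score(anomalies, now, settings=SETTINGS):
    """Sum the decayed contributions of (category, timestamp) pairs."""
    return sum(contribution(c, t, now, settings) for c, t in anomalies)


# Constructed timeline: both anomalies were recorded two days before NOW.
NOW = datetime(2024, 1, 10, 12, 0)
ANOMALIES = [
    ("logon_anomaly", NOW - timedelta(days=2)),
    ("file_anomaly", NOW - timedelta(days=2)),
]
```

Under this model the heavily weighted logon anomaly dominates at first (10 against 4) but contributes less than the non-decaying file anomaly after two days (2.5 against 4), which is the trade-off to keep in mind when setting a high decay factor on a high-weight card.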
Logon Settings
For increased logon security, you can set up a CAPTCHA and two-factor authentication during logons.
To do this:
- Navigate to Settings → Logon Settings.
- Click on the General tab.
- You can enable and set up CAPTCHA here.
- If you wish to configure two-factor authentication, click on the Two-factor Authentication tab.
- Enable Two-factor authentication.
- You can set up TFA using methods such as Email verification, Google Authenticator, RSA SecurID, Duo Security and RADIUS Authentication.