
Time for another brand new release: QRadar UBA 4.1.13, with exciting new updates! This QRadar UBA release addresses some key admin and ML challenges that our UBA customers have been facing. We value our customers' and partners' feedback and always look to improve our solution.
Let's get started:
1) Decay risk factor may now be set to zero, which disables reducing the overall risk score for users.
Problem: Prior to UBA 4.1.13, a decay score had to be set, and it had to be at least 0.01. Our customers asked on multiple occasions to be able to disable risk score decay completely.

With this new release we have removed this limitation, and an admin can now set the decay risk factor to '0', which disables reducing the risk score. With this setting, the risk score keeps increasing for any user, and any standard deviation of the risk score (which can be set through Risk Threshold) can be easily noticed.

2) Error messages relating to installing or uninstalling Machine Learning will now be displayed for 30 seconds on the installer page.
Problem: Before 4.1.13, if something went wrong while installing or uninstalling ML, admins saw only a generic error message that showed up for a few seconds in the UBA ML UI. Logs needed to be investigated to understand what went wrong and what action to take.
With release 4.1.13 we have addressed this, and a more user-friendly error message now pops up for 30 seconds in the UI when something relating to ML install/uninstall goes wrong.

3) Fixed an issue preventing proper redirection to Usecase Manager when viewing a tenant instance of UBA while logged in as admin.
Problem: In a multi-tenancy setup, when a QRadar admin went to a UBA tenant and clicked on Rules, it took them to UBA Rules instead of UseCase Manager (UCM).
With release 4.1.13 we have addressed this, and it now redirects correctly to UseCase Manager (UCM) if UCM is installed and the QRadar admin has permissions to use UCM.
4) Fixed issue where use of 'View User Details' on username fields in QRadar containing N/A would match random users.
Problem: Prior to this release, using 'View User Details' on an event with 'N/A' as the username would match random usernames. This presented the wrong user info and caused confusion among admins.

With this release, the UBA code has been changed to handle this case and not match any user. We also plan to add a prompt in future releases that shows a message along the lines of 'No user info available'.
5) Fixed an issue that prevented failed Machine Learning models from self-correcting.
Problem: Machine Learning models are designed to self-correct; however, due to a code-related issue, a model would not heal itself in certain scenarios. This created a lot of issues for our customers when a model failed and got stuck in this scenario. The only way to fix the state of these ML models was to re-install ML from scratch. The UI shows a yellow (!) next to the machine learning model status and the logs show the error below.

With release 4.1.13 we fixed the code to handle this on its own, and now when an ML model fails in this specific scenario, it seamlessly self-corrects and continues to function.
6) Fixed security vulnerabilities.
CVE-2023-32697, CVE-2021-3803, CVE-2022-25883, CVE-2020-28498, CVE-2022-3517, CVE-2023-34104, CVE-2023-26920, CVE-2022-25858, CVE-2022-38900, CVE-2021-43803, CVE-2021-37699, CVE-2022-46175, CVE-2023-37920, CVE-2021-23440.
Want to know more about the QRadar UBA app? Click here
How can I get the UBA app for my QRadar?
- It is really quick and easy to download from the IBM App Exchange. Click here
Next Planned Release?