In a modern SIEM solution, detection of insider threats becomes a high priority to protect your network assets. The User Behavior Analytics app uses the existing data in your IBM QRadar installation to unify user identities across disparate accounts from a single user and perform risk profiling on authentication and account changes, user behavior on network devices, and endpoint and application logs. This provides new insights around users and the risk they pose to your network infrastructure.
The QRadar User Behavior Analytics (UBA) architecture and overview course is a great way to begin learning about this app because it provides an overview of the IBM Security QRadar UBA application architecture. You learn about UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM. It also shows how QRadar rules are connected to UBA, its support of multitenancy, and how to access the UBA docker container and application logs.
Once you learn the basics, get started leveraging the capabilities of UBA with the QRadar User Behavior Analytics (UBA) setup course. This is a video series that explains the installation and configuration of the UBA, the User Import tool and Machine Learning apps, plus the TLS setup between the User Import tool and the LDAP Directory Server.
If you want to take advantage of user analytics applied to multiple customer data from a single shared console, the UBA app, starting with version 3.6.0 and IBM Security QRadar 7.4.0 Fix Pack 1, supports a multitenant environment from a single deployment instead of managing multiple deployments. The QRadar UBA - multitenant environment setup course walks you through all concepts that are needed to set up the UBA app in a multitenant environment such as log sources, tenants, domains, security profiles, UBA users, and roles.
For a complete list of UBA courses you can browse the UBA roadmap on the Security Learning Academy.
#Featured-area-2#QRadar