IBM Security QRadar

 View Only

What's new with QRadar User Behavior Analytics App Release 4.1.12

By Prince Prakash posted Tue June 13, 2023 11:23 AM


QRadar UBA team is excited to announce the release of UBA App 4.1.12

So what’s new with this version of UBA release?

  1. Enhanced Machine Learning installation process to allow for different size installations on QRadar 7.5.0 in multitenant deployments.

Problem: UBA 4.1.11 and earlier, when an Admin tries to install an additional Machine Learning(ML) instance for a tenant, there was no option to select memory from available system memory and by default ML instance would use the same allocated memory for Admin ML instance which in this example is 5GB.

  • From UBA 4.1.12, we have introduced a Selector in the ML user interface for Admins to choose memory they want to set for ML instance in different tenants. The Selector also shows how many users can it track based on the memory selected. For example, in the below picture 15GB system memory is selected which can track around 120,000 users. Admin may choose to increase it or decrease it depending on users they want to track in ML. For more information, see Installing and configuring Machine Learning in Multitenancy.

  1. Adjusted right-click action on "View user details" to perform case-insensitive match for username.

Problem: When UBA has different aliases for a user with mixed case and if an Admin clicks on ‘View User Details’, in the User details page it doesn’t show user aliases that doesn’t matches the case.

  • From UBA 4.1.12, we have fixed this behaviour and when Admin hover over a user with mixed case, it shows all the aliases for a user UBA knows about.

When you click on it and go to ‘View User Details’

It takes you to 'User details' page with all the aliases irrespective of case. The same actions appears in Log Activity and when viewing event details in QRadar.

  1. Fixed an issue with viewing events from the graph of Machine Learning models "Data uploaded to remote networks and Data downloaded".

  • With UBA 4.1.12 we fixed few minor issues with AQL query that caused this specific issue with viewing events from the graph of ML models "Data uploaded to remote networks and Data downloaded".

  1. Fixed an issue where the custom event property "UploadRatio" was undefined in QRadar 7.5.0.

  • Similar to point 3, we fixed an issue with backend that was causing this event property “UploadRatio” to become undefined in QRadar 7.5.0.

  1. Fixed security vulnerabilities.

  • UBA 4.1.12 release addresses multiple security vulnerabilities identified in QRadar UBA.

  • CVE-2022-3171, CVE-2022-41881, CVE-2022-40152, CVE-2022-31160, CVE-2017-7525, CVE-2022-25168, CVE-2022-3509, CVE-2022-41854, CVE-2022-38752, CVE-2022-1471, CVE-2021-37533, CVE-2022-42004, CVE-2022-42003. For more information, see the security bulletin.

Want to more about QRadar UBA App? Click here

How can I get UBA app for my QRadar?

  • It is really quick and easy to download from IBM App Exchange. Click here

Next Planned Release?

  • September 2023