IBM Security QRadar

I know a long time ago we asked the same question and the answer was then " we are working on that" but the latest version of iba is still not domain aware since we are running a multi domain setup its basicly making UBA useless.

• All reference sets are being filled as " shared data" instead of domain specific etc so a user event from one domain is adding to the risk score for a user in another domain

• Learned peers have overlap with users from other domains

With all the work that has gone in underneath in Qradar it feels like the developpers of UBA are missing / arent using a lot of that functionality.

I know a long time ago we asked the same question and the answer was then " we are working on that" but the latest version of iba is still not domain aware since we are running a multi domain setup its basicly making UBA useless.

• All reference sets are being filled as " shared data" instead of domain specific etc so a user event from one domain is adding to the risk score for a user in another domain

• Learned peers have overlap with users from other domains

With all the work that has gone in underneath in Qradar it feels like the developpers of UBA are missing / arent using a lot of that functionality.

I know a long time ago we asked the same question and the answer was then " we are working on that" but the latest version of iba is still not domain aware since we are running a multi domain setup its basicly making UBA useless.

• All reference sets are being filled as " shared data" instead of domain specific etc so a user event from one domain is adding to the risk score for a user in another domain

• Learned peers have overlap with users from other domains

With all the work that has gone in underneath in Qradar it feels like the developpers of UBA are missing / arent using a lot of that functionality.