User Based Analytics(UBA) beginner doubts
I have recently setup the UBA server and was able to import users from Active directory.
I require your help to understand the following things about HPE UBA
- Is HPE logger required to use UBA? If no, we have Active Directory, Palo alto firewall and DLP, how to retrieve the user data from these products.
- How to import user activity(login, logout, incorrect logins, password change).
- How to create a baseline for these activities
Thanks in advance
Re: User Based Analytics(UBA) beginner doubts
Please find the response below:-
1.HP Logger is not mandatory to use UBA. We can also use SmartConnectors or ESM to forward activity events to UBA.
2. The logs forwarded to UBA via syslog will be saved in a particular location with the source hostname or IP. Adding a new data source to access these logs saved in UBA is possible. UBA will parse the logs which are in CEF format and will take it as activity data.
3. The baseline for these activities are covered in the HP provided UBA documents.
Hope this is helpful.