In this QRadar Open Mic you learn about the User Behavior Analytics (UBA) application. This Open Mic covers the following topics:

• About insider threats and suspicious behavior
• What does UBA do?
• Setting up UBA
• Importing LDAP/AD data
• Installing Machine Learning
• Advanced tuning
• Watchlists
• New Timeline
• Watson Advisor with UBA
  

This video series depicts the following specific UBA use cases:

• QRadar Custom Offenses contributing to UBA Risk Score
  
• UBA discovers the launching of restricted programs
  

This video explains how to customize UBA rules when integrating an additional log source.

In this video, you will learn to tune the User Behavior Analytics (UBA) settings to improve the UBA application behavior and performance.

The General Data Protection Regulation requires organizations to provide transparency about stored user data and to adhere to requests to remove all user data from their IT systems.

This video shows how QRadar UBA version 2.7 and later addresses these GDPR compliance requirements. We examine what user data is collected, and we demonstrate how to remove individual user data from UBA and stop tracking that user.

In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application can help you detect malicious user behavior.  The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for user risky behavior by configuring the senseValue parameter.

UBA leverages the Machine Learning (ML) app to analyze risky user behavior.  Because the Machine Learning part of the lab requires at least one week of historical data to properly analyze user behavior, it is not possible to demonstrate that feature in the lab that runs only about an hour. The machine learning part of QRadar UBA is covered in video training on the Security Leaning Academy.

This video provides an overview of the QRadar UBA application architecture. You learn about UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM. The video also shows how QRadar rules are connected to UBA, and how to access the UBA docker container and application logs.

This video series explains the installation and configuration of QRadar User Behavior Analytics (UBA), as well as the Reference Data Import and Machine Learning apps. The last video covers the TLS setup between the Reference Data Import app and the LDAP Directory Server.