User Behavior Analytics (UBA)
Getting Started with QRadar User Behavior Analytics
The total time required to complete this roadmap is 4h 29m.
Overview
Setup
Investigation
In this lab, you learn how to use the User Behavior Analytics for QRadar (UBA) application to detect anomalous or malicious behavior. The lab comes with UBA already installed and configured. You learn to use the QRadar UBA Dashboard and how the application can help you detect malicious user behavior. The lab also walks you through the investigation process and demonstrates the integration with QRadar Advisor with Watson. The QRadar Advisor with Watson app is also already installed and configured in the lab. To learn more about QRadar Advisor with Watson, visit the dedicated section in the Security Learning Academy, where you can run the lab that is focused on QRadar Advisor with Watson. Finally, the lab walks you through tuning the rules for risky user behavior by configuring the senseValue parameter.
The IBM Security User Behavior Analytics (UBA) app 3.6.0 supports multi-tenant environments in IBM Security QRadar 7.4.0 Fix Pack 1 and later.
Multi-tenant environments allow Managed Security Service Providers (MSSPs) and multidivisional organizations to provide security services to multiple client organizations from a single, shared QRadar deployment. You don't need to deploy a unique QRadar instance for each customer.
With QRadar 7.4.0 Fix Pack 1 or later and UBA 3.6.0, you can create multiple tenants from a single deployment instead of managing multiple deployments.
This virtual lab walks you through all the concepts that are needed to set up the UBA app in a multi-tenant environment, such as log sources, tenants, domains, security profiles, UBA users, and roles.