User Behavior Analytics (UBA)

User Behavior Analytics (UBA) - Use cases

This video series depicts the following specific UBA use cases:

  • QRadar Custom Offenses contributing to UBA Risk Score
  • UBA discovers the launching of restricted programs

An overview to detecting and investigating insider threats with QRadar User Behavior Analytics

Insider threats account for 60 percent of cyber attacks, and they are incredibly difficult to detect. In fact, most cases go unnoticed for months or years. Regardless of whether the insider is a malicious employee or a contractor whose credentials have been compromised, security teams need the ability to quickly and accurately detect, investigate and respond to these potentially damaging attacks.

QRadar User Behavior Analytics (UBA) analyzes user activity to detect malicious insiders and determine if a user’s credentials have been compromised. Security analysts can see risky users, view their anomalous activities, and drill down into the underlying log and flow data that contributed to a user’s risk score. As an integrated component of the QRadar Security Intelligence Platform, UBA leverages out-of-the-box behavioral rules and machine learning (ML) models to add user context to network, log, vulnerability and threat data to more quickly and accurately detect attacks.

In this course, you gain an initial insight into how QRadar UBA addresses these challenges.

User Behavior Analytics (UBA) - Customizing the Rules

This video explains how to customize UBA rules when integrating an additional log source.

UBA Tuning

In this video, you will learn to tune the User Behavior Analytics (UBA) settings to improve the UBA application behavior and performance.

Support for GDPR in UBA

The General Data Protection Regulation requires organizations to provide transparency about stored user data and to adhere to requests to remove all user data from their IT systems.

This video shows how QRadar UBA version 2.7 and later addresses these GDPR compliance requirements. We examine what user data is collected, and we demonstrate how to remove individual user data from UBA and stop tracking that user.

User Behavior Analytics (UBA) version 2.5 – New features

  • Overview: This video demonstrates new features of the UBA 2.5 application. There are more robust search capabilities around QRadar events relevant to UBA in a new Event Viewer. There is also a new Help and Settings page.

  • Objectives:

    • Learn about the Event Viewer feature

    • Learn about the new Help and Support page

  • Course revision 1.0

QRadar User Behavior Analytics (UBA) architecture and overview

This video provides an overview of the QRadar UBA application architecture. You learn about UBA concepts, such as the senseValue variable, risk scores, and the IBM Sense DSM. The video also shows how QRadar rules are connected to UBA, and how to access the UBA docker container and application logs.

QRadar User Behavior Analytics (UBA) setup

This video series explains the installation and configuration of QRadar User Behavior Analytics (UBA), as well as the Reference Data Import and Machine Learning apps. The last video covers the TLS setup between the Reference Data Import app and the LDAP Directory Server.

QRadar UBA Analyst

QRadar UBA Analysts are responsible for investigating incidents related to user behavior and coordinating remediation activities. QRadar UBA Analysts also understand the underlying details of basic incident investigations, including security event log information and network flows.

QRadar UBA Foundations

These courses teach you how to discover and remediate vulnerabilities in your IT environment using the advanced capabilities of UBA.

UBA Investigations

These courses teach you how to discover and remediate vulnerabilities in your IT environment using the advanced capabilities of UBA.

QRadar Administrator for UBA

QRadar Administrators for UBA deploy, configure, and maintain the UBA application within their organization's QRadar infrastructure. In addition, they maintain all operational tasks to ensure that the UBA application performs according to the key performance indicators.

QRadar UBA Foundations

These courses introduce you to basic QRadar concepts specific to UBA.

Operational Tasks

These courses teach you how to perform operational tasks for your QRadar UBA environment.


These courses teach you how to implement extensions and enhancements in your QRadar UBA environment.