UEBA

Definition

User and Entity Behavior Analytics (UEBA) is a cybersecurity process that leverages machine learning and advanced analytics to detect anomalies in the behavior of users and entities within a network. By establishing a baseline of normal activity, UEBA systems can identify deviations that may indicate insider threats, compromised accounts, or other malicious activities. Unlike traditional security measures that focus on rule-based detection, UEBA provides a more dynamic approach by analyzing patterns over time and across various data sources.

Secure Settings Example

ueba:
  anomalyDetection:
    enabled: true
    sensitivityLevel: high
  dataSources:
    - type: logs
      source: /var/log/auth.log
    - type: network
      source: /var/log/network_traffic.log
  alerting:
    emailNotifications:
      enabled: true
      recipients:
        - security-team@example.com
    threshold: 95

Insecure Settings Example

ueba:
  anomalyDetection:
    enabled: false
  dataSources:
    - type: logs
      source: /var/log/auth.log
  alerting:
    emailNotifications:
      enabled: false
    threshold: 50