QRadar User Behavioural Analytics App (UBA) version 2.2.0
With the development of the UBA App Extension, IBM is providing a very useful method of exposing a wide variety of user activities that may be fraudulent or malicious. The app monitors user activity to establish baselines, so that any deviation can be observed and reported and insider threats can be managed more efficiently. The enhancements in UBA 2.2.0 include the addition of two new Machine Learning Analytics for Activity Distribution and Peer Group identity.
The extension can be downloaded from IBM’s X-Force Exchange; the filename is User_Behavior_Analytics.2.2.0.zip. If an earlier version of the extension has been installed, there may be a requirement to uninstall it first. Please check the tech note for details.
This version has an increased number of use cases, covering areas including activity by dormant or closed accounts, activity from unusual geographic locations or during unusual times, service certificate problems, known malware file hashes, phishing email attempts and risky URL categories being accessed. This list is being extended with each new release; 2.2.0 added the use case for monitoring VPN access by Service or Machine Accounts.
This free app extension adds significant value to a QRadar installation and further extends the security posture provided by the SIEM.