Adding users and entities to watchlists in User and Entity Behavior Analytics (UEBA) in Log360 Cloud

Overview

This page explains the user and entity watchlists in the anomaly detection component of Log360 Cloud, and how to add users and entities to, or remove them from, their respective watchlists.

Watchlists

A Watchlist is a curated list of specific users or entities that have been identified as posing a potentially higher security risk or exhibiting suspicious behavior. These individuals or systems are placed on the Watchlist for closer, more focused monitoring than the general population.

Key aspects of a watchlist in UEBA:

  • Targeted Monitoring: It allows security teams to prioritize the observation of individuals or entities that have triggered alerts, shown unusual activity patterns, or are otherwise deemed noteworthy based on risk assessments or internal policies.
  • Contextual Awareness: Watchlists can be created and populated based on various factors, such as users leaving the company, individuals under investigation, privileged accounts, or systems handling sensitive data. This adds crucial context to the monitoring process.
  • Proactive Risk Management: By closely tracking these potentially risky users and entities, security teams aim to proactively identify and mitigate potential threats before they escalate into security incidents.

In essence, a watchlist in UEBA acts as a focused surveillance mechanism for individuals or systems that warrant closer attention due to existing suspicions or elevated risk levels.

Adding users and entities to watchlists

The watchlists for the users and entities can be viewed and accessed from their respective tabs via the Home dashboard itself. The watchlists are present in the left pane under Users Risk Score and Entities Risk Score, respectively.

Add or remove users from the Watchlist

Users and entities can be added to the Watchlist from the Users and Entities dashboards under Home in Log360 Cloud.

  1. To add a user to the Watchlist, go to the left pane of the Users dashboard and click the empty bookmark icon beside the user's name.
  2. The bookmark icon changes to indicate that the user has been successfully added to the Watchlist.
  3. To remove a user from the Watchlist, click the bookmark icon again to change it back; the user is then removed from the Watchlist.

Add or remove entities from the Watchlist

  1. To add an entity to the Watchlist, go to the left pane of the Entities dashboard and click the empty bookmark icon beside the entity name.
  2. The bookmark icon changes to indicate that the entity has been successfully added to the Watchlist.
  3. To remove an entity from the Watchlist, click the bookmark icon again to change it back; the entity is then removed from the Watchlist.

Hide a user or entity from dashboard

Log360 Cloud has an option to hide anomalous users and entities from the dashboard watchlists.

Steps to hide a user from the dashboard:

  1. Navigate to the Users Risk Score widget in the Users dashboard.

    Image 1: Users dashboard in ManageEngine Log360 Cloud

  2. Scroll and search for the user you wish to hide. For a faster search, click the search icon and type the username in the search box.

    NOTE: The search icon can be accessed in the manage widget settings only when you hover over the widget.
  3. Once the user is found, click the ribbon containing the user details to access the expanded view of the anomalous user details.
  4. In the expanded view box, click Hide from Dashboard, as shown below.

    Image 2: Hide user from dashboard in ManageEngine Log360 Cloud

  5. In the Confirm box, click Yes.
  6. Upon completion of the action, a pop-up appears.

Steps to hide an entity from the dashboard:

  1. Navigate to the Entities Risk Score widget in the Entities dashboard.

    Image 3: Entities dashboard in ManageEngine Log360 Cloud

  2. Scroll and search for the entity you wish to hide. For a faster search, click the search icon and type that entity's username in the search box.
  3. Once the entity is found, click the ribbon containing the entity details to access the expanded view of the anomalous entity details.
  4. In the expanded view box, click Hide from Dashboard, as shown below.

    Image 4: Hide entity from dashboard in ManageEngine Log360 Cloud

  5. In the Confirm box, click Yes.
  6. Upon completion of the action, a pop-up appears.

Unhide/view hidden users or entities from dashboard

Steps to view and/or unhide a user from the dashboard:

  1. Navigate to the Users Risk Score widget in the Users dashboard.

    Image 5: Users dashboard in ManageEngine Log360 Cloud

  2. Click the filter icon in the manage widget options.

    NOTE: The filter icon can be accessed in the manage widget settings only when you hover over the widget.
  3. Click the Hidden Users option in the filter.

    NOTE: The User Risk Score option in the filter will take you back to the default view of the Users Risk Score widget.
  4. Once the hidden user is found, click the ribbon containing the user details to access the expanded view of the anomalous user details.
  5. In the expanded view box, click Show in Dashboard, as shown below.

    Image 6: Unhide user in dashboard in ManageEngine Log360 Cloud

  6. In the Confirm box, click Yes.
  7. Upon completion of the action, a pop-up appears.

Steps to view and/or unhide an entity from the dashboard:

  1. Navigate to the Entities Risk Score widget in the Entities dashboard.

    Image 7: Entities dashboard in ManageEngine Log360 Cloud

  2. Click the filter icon in the manage widget options.
  3. Click the Hidden Entities option in the filter.

    NOTE: The Entities Risk Score option in the filter will take you back to the default view of the Entities Risk Score widget.
  4. Once the hidden entity is found, click the ribbon containing the entity details to access the expanded view of the anomalous entity details.
  5. In the expanded view box, click Show in Dashboard, as shown below.

    Image 8: Unhide entity in dashboard in ManageEngine Log360 Cloud

  6. In the Confirm box, click Yes.
  7. Upon completion of the action, a pop-up appears.

Read also

This document provides a simple yet detailed step-by-step guide for adding users and entities to watchlists for anomaly detection in Log360 Cloud's UEBA. To leverage the capabilities of UEBA, refer to the articles below: