Help Document

General Settings

Business Hours

Use this setting to specify business hours in your organization. Activity happening outside this time frame will be flagged.

  • Navigate to Settings → Business Hours and enable the Configure Business Hours option.
  • Use the drop-down to determine the start and end of the working day.
  • Select the working days from the drop-down.
  • Click Save.
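
The check this setting implies, as an added example (not Log360 UEBA's own code): flag events that fall outside a configured window of working hours and working days. The start and end times, the working days and the sample events are assumed values, and the example goes beyond the text by also handling an overnight window whose end is earlier than its start.

```python
from datetime import datetime, time, timedelta

# Assumed settings mirroring the Business Hours form (illustrative values).
START = time(9, 0)               # start of the working day
END = time(18, 0)                # end of the working day (exclusive)
WORKING_DAYS = {0, 1, 2, 3, 4}   # Monday=0 ... Friday=4


def in_business_hours(ts, start=START, end=END, days=WORKING_DAYS):
    """True if ts falls inside the configured window on a working day."""
    t = ts.time()
    if start <= end:
        # Same-day window, e.g. 09:00-18:00.
        return ts.weekday() in days and start <= t < end
    # Overnight window, e.g. 22:00-06:00: the hours after midnight belong
    # to the shift that began on the previous calendar day.
    if t >= start:
        return ts.weekday() in days
    if t < end:
        return (ts - timedelta(days=1)).weekday() in days
    return False


def flag_off_hours(events, **window):
    """Return the events whose timestamp is outside business hours."""
    return [e for e in events
            if not in_business_hours(datetime.fromisoformat(e["time"]), **window)]


# Constructed sample events, timestamps in the monitored site's local time.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T10:15:00", "user": "alice", "action": "logon"},      # Monday, in hours
    {"time": "2024-03-04T23:40:00", "user": "bob", "action": "file_read"},    # Monday, late night
    {"time": "2024-03-09T11:00:00", "user": "carol", "action": "logon"},      # Saturday
    {"time": "2024-03-08T18:00:00", "user": "dave", "action": "logon"},       # Friday, at the end boundary
]

if __name__ == "__main__":
    for e in flag_off_hours(SAMPLE_EVENTS):
        print("off-hours:", e["time"], e["user"], e["action"])
```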

Personalize Settings

  • Navigate to Settings → Personalize Settings.
  • Select the desired date/time format using the drop-down.

Product Settings

  • Navigate to Settings → Product Settings.
  • Enable HTTPS and enter the port number to establish a secure connection. If you do not want a secure connection, you can use the HTTP option.
  • Set the Product Memory. By default, this is set to 1 GB.
  • Set the ElasticSearch Memory. By default, this is set to 1 GB.
  • Set session expiry time using the drop-down.
  • Set the Log Level to Normal, Debug, or Fine using the drop-down.
  • Click Save.

[Figure: Configuring Product Settings in Log360 UEBA]

Privacy Settings

  • Navigate to Settings → Privacy Settings.
  • Enable the Enforce GDPR Compliance option if you are required to comply with the GDPR. Enabling this option will increase your privacy by masking your IP addresses, email addresses, etc.
  • Select the Help us improve the product by sending usage statistics option if you would like to share your usage statistics.
  • Select the Enable password protection option for redistributed and exported reports if you would like to password-protect the reports sent via email or exported in PDF, XLS and CSV formats.
    • Enter and confirm the password.

  • Enable the Data Masking option if you would like to mask users' identities from auditors. Enabling this option will help maintain the privacy of users and other entities in the network.
    • You have the option to mask the identity of Entity, User, Host, Domain, IP address, etc. Make your selection in the drop-down.
    • To the auditor, the masked data will appear as a random code.

  • You can use the Resolve Auditor View's Masked Data option to supply the masked value and get back the original identity of the user, host, domain, IP address, etc.
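
A sketch of the masking and resolving behaviour described above, as an added example (not Log360 UEBA's own code; the page does not describe the product's internal mechanism). It assumes each identity is replaced by a random code and that the code-to-identity mapping is kept on the administrator side; `IdentityMasker`, `auditor_view` and the sample events are hypothetical names and constructed data.

```python
import secrets


class IdentityMasker:
    """Replaces identities with random codes and keeps the mapping private."""

    def __init__(self):
        self._to_code = {}    # (field, original value) -> code
        self._to_value = {}   # code -> (field, original value)

    def mask(self, field, value):
        """Return the code for this identity, creating one on first use."""
        key = (field, value)
        if key not in self._to_code:
            # The code is random, so it cannot be recomputed or guessed
            # from the identity the way an unsalted hash could be.
            code = secrets.token_hex(8)
            while code in self._to_value:   # regenerate on a collision
                code = secrets.token_hex(8)
            self._to_code[key] = code
            self._to_value[code] = key
        return self._to_code[key]

    def resolve(self, code):
        """Administrator-side lookup: (field, value), or None if unknown."""
        return self._to_value.get(code)


def auditor_view(event, masker, masked_fields):
    """Copy of the event with the selected fields replaced by codes."""
    return {k: masker.mask(k, v) if k in masked_fields else v
            for k, v in event.items()}


# Constructed sample anomalies and an assumed selection of fields to mask.
SAMPLE_EVENTS = [
    {"user": "jsmith", "host": "WS-014", "ip": "10.0.5.21", "anomaly": "logon at unusual time"},
    {"user": "jsmith", "host": "SRV-DB1", "ip": "10.0.5.21", "anomaly": "unusual file access"},
]
MASKED_FIELDS = {"user", "host", "ip"}

if __name__ == "__main__":
    masker = IdentityMasker()
    for event in SAMPLE_EVENTS:
        print(auditor_view(event, masker, MASKED_FIELDS))
```

Because the same identity always receives the same code, an auditor can still correlate anomalies belonging to one user or host without learning who it is.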

Server Diagnostics

Administrators can review information about the general health, setup, memory, installation and disk space details of Log360 UEBA. This will ensure that the product is working at the optimal level.

To view all of these details:

  • Navigate to Settings → Server Diagnostics.
  • Go to the Server Diagnostics tab.
  • Here, you can view:
    • Details about health
    • System information
    • JVM Memory Information
    • Installation Information
  • You can refresh the information by clicking on the Refresh icon.

To perform a Disk Space Analysis:

  • Navigate to the Disk Space Analysis tab.
  • Here, you will see disk storage information about your MSSQL database, Elasticsearch, Installation Directory, and Installation Drive.
  • Click the Refresh icon to obtain up-to-date information.

Technicians

Follow the steps below to create technicians in Log360 UEBA.

  • Navigate to Settings → Technicians.
  • Click Add New Technician.
  • Enter a login name and password, re-enter the password, and select the role you wish to assign to the technician.
  • Click Add.

You also have the option to choose an Active Directory group and set all users within it as Technicians.

[Figure: Adding all users in an AD group as Technicians]

Domain Settings

Follow the steps below to add users from a domain for monitoring.

  • Navigate to Settings → Domain Settings.
  • Click Configure Domain. Enter the Domain name, Domain Controller name, Username, and Password, and set the Sync Scheduler. The Sync Scheduler value determines when the product retrieves domain user data to check for updates. By default, the product does this at 02.00 hrs every day.
  • Click Save. Once the domain is added, users from the domain are automatically imported for monitoring.

You can also add users or Active Directory groups to a watchlist from this tab. To choose specific users to be added to the watchlist, go to the Users menu and select the users.

If you wish to add Active Directory groups, you can do that by navigating to the Groups menu. If you add an AD group to your watchlist, all the users belonging to that group will be added to the watchlist.

[Figure: Adding an Active Directory group to a watchlist]

Risk Score Customization

You can customize the risk score based on the category, weight and decay factor of the anomaly.

Weight

This value denotes the importance of an anomaly based on its type and the user. This value can be customized.

Decay factor

This value denotes the reduction in the value of recorded anomaly information with time. The information loses its credibility if it isn't used properly.

You can add new card groups or remove existing cards based on the requirements of the organization.

  • Navigate to Settings → Risk Score Customization.
  • Enter the required weight and decay factor values. You can add child groups to the cards and specify the anomalies to be included in them. You can also specify their weight and decay factor values.
  • Click Update.

Logon Settings

For increased logon security, you can set up a CAPTCHA and two-factor authentication during logons.

To do this:

  • Navigate to Settings → Logon Settings.
  • Click the General tab.
  • You can enable and set up CAPTCHA here.
  • If you wish to configure two-factor authentication, click the Two-factor Authentication tab.
    • Enable Two-factor authentication.
    • You can set up two-factor authentication using methods such as Email verification, Google Authenticator, RSA SecurID, Duo Security and RADIUS Authentication.