Help Document

Available reports

Log360 UEBA offers comprehensive reports that help identify anomalies in the activity of devices, databases, and more. Each anomaly can be classified as time-based, count-based, or pattern-based. In addition, anomalies can be analyzed for users and systems separately.


Option / Event Sources / Anomaly Reports

Devices
  Windows devices
    • Startup and shutdown
    • Installation of services and software
    • USB activity
    • Registry activity
    • Application whitelisting
    • Logons
    • File changes
    • Network share activity
    • Firewall changes
  Unix devices
    • USB activity
    • Cron jobs
    • Logons
    • VMware logons
    • File transfer
  Routers
    • Configuration changes
    • Logons

Applications
  Active Directory auditing
    • Logons
    • Process activity
    • User management
  Microsoft SQL Servers
    • DDL and DML activity
    • Logons
    • Startup and shutdown
    • Password changes
    • Account management
  FTP servers
    • File transfer
    • Logons
    • File activities

Firewall Devices
  -
    • Allowed and denied traffic
    • Logons
    • Policy activities
    • VPN Logons
    • VPN IP Assigned
    • VPN connection status
    • VPN users

Cloud Services
  Azure
    • User Activity
    • Network Security Group changes
    • Public IP address
    • Virtual Machines/Compute
    • Database
    • Storage Accounts
    • Resource Locks
    • Virtual Network changes
    • Application Gateway changes
    • DNS changes
    • Traffic Manager
  AWS
    • Logons
    • IAM activity
    • User Activity
    • Network Security Group changes
    • VPC Activity
    • WAF changes
    • Security Token Services
    • AWS Config Reports
    • Amazon Auto Scaling Reports
    • Amazon ELB Reports
    • RDS Reports
    • S3 Bucket Activity Reports
    • EC2 Reports
    • Route 53
  Google
    • User Activity
    • IAM activity
    • Network Security Changes
    • VPC Activity
    • Network Services
    • Hybrid Connectivity
    • Virtual Machines/Compute
    • Cloud Functions
    • App Engine
    • Google Storage
    • GCP Resource Management