Help Document

Dashboard

The dashboard provides a brief overview of anomalous behavior based on users and entities in the network. Since it gathers multiple data sources into a single interface, administrators can quickly check upon the status of their organization's security posture.

Log360 UEBA dashboard

Anomalous user behavior

  • A cumulation of all the anomalies based on user behavior including, data exfiltration, compromised accounts, and insider threats.
  • A list of the most dangerous users based on their risk scores.
  • A list of all watchlisted users.
  • A list of users with the highest risk score gain.
  • The users' photo will be shown along with their risk scores due to a sync with Active Directory.
Log360 UEBA dashboard Users

To get complete details about the anomalous activities performed by every user on the network:

  • Navigate to Users' dashboard.
  • A pane on the left hand side will display every user on the network and their associated risk score.
  • Click on the user whose details you wish to see.
  • A widget will open to show the user's Average Risk Score, Peak Risk Score, and risk scores associated with four types of threats:
    • Insider threats
    • Data exfiltration
    • Compromised accounts
    • Logon anomalies

This widget will also show user's Risk Score Trend over time, and all the anomalous activities performed by the user along with a timestamp.

User's anomaly activities and risk scores User's anomaly activities and risk scores

Anomalous entity behavior

  • A list of the most dangerous entities based on their risk scores.
  • A list of all watchlisted entities.
  • A list of entities with the highest risk score gain.
  • Log360 UEBA dashboard Entities

Hiding users and entities from dashboard

  • In case you do not wish to see a particular user or entity details on the dashboard, you can choose to Hide from Dashboard. This will remove the user or entity details from the dashboard; however, the user's or entity's anomalous activities can still be viewed under Anomaly Reports.
  • User's anomaly activities and risk scores

  • After hiding a user or entity on the dashboard, if you decide to see it again on the dashboard, you can do that by filtering for hidden users or entities.
  • User's anomaly activities and risk scores

    Then you need to choose a hidden user or entity and Show in Dashboard.

    User's anomaly activities and risk scores