Use this setting to specify business hours in your organization. Activity happening outside this time frame will be flagged.
- Navigate to Settings → Business Hours and enable the Configure Business Hours option.
- Use the drop-down to determine the start and end of the working day.
- Select the working days from the drop-down.
- Click Save.
- Navigate to Settings → Personalize Settings.
- Select the desired date/time format using the drop-down.
- Navigate to Settings → Product Settings.
- Enable HTTPS and enter the port number to establish a secure connection. If you do not want a secure connection, you can use the HTTP option.
- Set session expiry time using the drop-down.
- Enable the Enforce GDPR compliance option if you wish to comply with the GDPR.
- Click Save.
Follow the steps below to create technicians in Log360 UEBA.
- Navigate to Settings → Technicians.
- Click Add New Technician.
- Enter a login name and password, re-enter the password, and select the role you wish to assign to the technician.
- Click Add.
Follow the steps below to set up the mail server and receive notifications from Log360 UEBA.
- Navigate to Settings → Server Settings.
- Enter the mail server name and port, choose the protocol that will be used to establish a secure connection, and specify the sender's and admin's email address.
- Enable the Licence Expiry and Application Downtime notification options, if you wish to receive emails informing you of these events.
- Click Save.
Follow the steps below to add users from a domain for monitoring.
- Navigate to Settings → Domain Settings.
- Click Configure Domain. Enter the Domain name, Domain Controller name, Username, and Password, and set the Sync Scheduler. The value set for Sync Scheduler is when the product retrieves domain user data to check for updates. By default, the product does this at 02.00 hrs every day.
- Click Save. Once the domain is added, users from the domain are automatically imported for monitoring.
Risk Score Customization
You can customize the risk score based on the category, weight and decay factor of the anomaly.
This value denotes the importance of an anomaly based on its type and the user. This value can be customized.
This value denotes the reduction in the value of recorded anomaly information with time. The information loses its credibility if it isn't used properly.
You can add new card groups or remove existing cards based on the requirements of the organization.
- Navigate to Settings → Risk Score Customization.
- Enter the required weight and decay factor values. You can add child groups to the cards and specify the anomalies to be included in them. You can also specify their weight and decay factor values.
- Click Update.