Skip to content
  • There are no suggestions because the search field is empty.

UEBA Quick Start Guide for 12.5

Tags: Documentation, Getting Started, PDF Documentation, Version 12.5

The following article contains a summary of the NetWitness® UEBA Quick Start Guide for 12.5. To see the full guide, go to Attachments on this article and download the associated PDF.

Summary of the NetWitness® UEBA Quick Start Guide for 12.5.

This guide provides end-to-end instructions for configuring NetWitness® UEBA and using its features. It is intended to help users quickly set up and leverage UEBA capabilities. 

What is NetWitness UEBA?

This sections provides explanation on the NetWitness® UEBA (User and Entity Behavior Analytics), which is an advanced analytics solution designed to discover, investigate, and monitor risky behaviors across users and entities in a network. Its primary functions include:
  • Detecting malicious and rogue users
  • Pinpointing high-risk behaviors
  • Discovering attacks
  • Investigating emerging security threats
  • Identifying potential attacker activity 

Getting Started

This section shows that users can perform various tasks in any sequence, such as:
  • Viewing product updates, improvements, and known issues  
  • Understanding NetWitness UEBA 

Setup and Installation

This section focuses on standalone Installation, which includes:
  • Reviewing supported hardware
  • Reviewing UEBA deployment
  • Configuring firewall ports
  • Installing NetWitness Server host and Log Hybrid Host
  • Installing and configuring NetWitness UEBA
  • Assigning UEBA Analysts and Analysts roles to users 

Fresh Installation

This section covers some tasks, which include reviewing supported hardware and UEBA architecture, configuring firewall ports, Installing NetWitness Server host and other components (physical or virtual). As well as, installing UEBA and assigning roles to users.

Update

This section covers tasks for updating  and deployment. It includes:

  • Deploying the Endpoint Pack for UEBA integration
  • Enabling Endpoint data sources (Process, Registry) for alerts
  • Enabling UEBA indicator forwarder for incident creation
  • Updating NetWitness Platform core services and UUIDs
  • Updating Airflow configuration and restarting scheduler after upgrades 

Investigation

This section shows that users can investigate high-risk users and investigate top alerts References to detailed procedures.

Monitoring

This section explains that users can review UEBA metrics in Health and Wellness and monitor overall Health and Wellness of UEBA Guidance.

Getting Help with NetWitness Platform

This section lists support resources, which include:

  • Accessing documentation, knowledge base, and community discussions
  • Using troubleshooting guides and blog posts
  • Contacting NetWitness Support
  • Hardware setup and feature documentation links are provided for further assistance.

The following article contains a summary of the NetWitness® UEBA Quick Start Guide for 12.5. To see the full guide, go to Attachments on this article and download the associated PDF.



Attachments:
nw_12.5_ueba_quick_start_guide.pdf