UEBA Quick Start Guide for 12.5.1.0

Summary of the NetWitness® UEBA Quick Start Guide for 12.5.1.0.

This guide provides end-to-end instructions for configuring NetWitness® UEBA and using its features. It suggests starting with product updates, improvements, and known issues, and understanding how NetWitness® UEBA works. These tasks can be performed in any order.

What is NetWitness UEBA?

This section explains NetWitness® UEBA (User and Entity Behavior Analytics), which  is an advanced analytics solution for discovering, investigating, and monitoring risky behaviors across all users and entities in a network environment. It is used to detect malicious or rogue users, pinpoint high-risk behaviors, discover attacks, investigate emerging security threats, and identify potential attacker activity.

Setup and Installation

This sections explains that NetWitness® UEBA can be set up through either a standalone installation or a fresh installation. For standalone installation, the steps include reviewing supported hardware, reviewing deployment, configuring firewall ports, installing the NetWitness® Server host, installing the Log Hybrid Host, installing and configuring NetWitness® UEBA, and assigning the appropriate roles to users. For fresh installation, the steps include reviewing supported hardware, reviewing the UEBA architecture, configuring firewall ports, installing the NetWitness® Server host and other components, installing UEBA, and assigning roles to users.

Update

This section provides explanation on how to update NetWitness® UEBA. It outlines deploying the Endpoint Pack, enabling endpoint data sources, enabling the UEBA indicator forwarder, updating core services and UUIDs after an upgrade, updating Airflow configuration, and restarting the Airflow scheduler service after upgrades.

Investigation

The section covers how to investigate high-risk users and top alerts using NetWitness® UEBA.

Monitoring

This sections focuses on monitoring, which involves reviewing UEBA metrics in Health and Wellness and monitoring the overall health and wellness of the UEBA system.

Getting Help with NetWitness® Platform

This section lists support resources, which include the NetWitness® Community portal, documentation, knowledge base, troubleshooting guides, blog posts, and direct support contacts. There are also links to hardware setup guides and documentation for features like feeds, parsers, application rules, and reports.