
Hi Team,

Going through our user manual, it states that the entities can be selected using either an LDAP OU group or a CSV as an enrichment source. What are some tried and true considerations that I can use to help my customer decide which enrichment source to choose?

If you have a properly set up LDAP, I would recommend using LDAP OUs. To be precise, this is if you have your LDAP configured for all the users/machines in your organization that you want to monitor as entities. Doing this will also sync if any users or entities have changed or been removed.

Using a custom CSV would be a static approach, i.e., if there are changes you have to edit them in the CSV and upload it again.

However, if you use LDAP and you have users configured in it that you do not want to be a part of the UEBA analysis, CSV is the way to go, as you’ll have the limitations in entity license. (If the entity count is more than the license count, the bottom entities will be rejected from participating in UEBA analysis.)

