Hi, how long does it take for UEBA to perform the initial baseline after enabling data collection?
LogPoint recommends a 30-day time period to establish a baseline, even though events typically appear after a week or two.
If the LogPoint server has been prepared with the correct data, normalisations and enrichments before the UEBA is activated, it is possible for the system to analyse this historical data in order to shorten the baseline period.
See the UEBA Pre-configuration guide: https://docs.logpoint.com/docs/ueba-preconfiguration-guide/en/latest/ and https://docs.logpoint.com/docs/ueba-manual/en/latest/index.html
“Utilizing unsupervised machine learning, LogPoint UEBA observes the behavior of each user and entity in the network to build baselines for normal behavior, and actions are then evaluated against these baselines. To set a proper baseline, UEBA requires a minimum of 30 days of historical data. If you want to enable UEBA today, you need appropriately normalized and enriched input logs of at least 30 days. LogPoint provides the UEBA PreConfiguration Plugin for easy configuration of the enrichment sources and the enrichment policy. Refer to the UEBA PreConfiguration Plugin Guide for details on preparing your input logs.”