USM Anywhere™

User Behavior Analytics

User behavior analytics (UBA) extends your USM Anywhere Sensor's awareness by enabling it to track actors as well as assets within your environment. With UBA, USM Anywhere can help you identify malicious or compromised users, and enable you to better prioritize alarms with the addition of user data.

In addition to analyzing users, UBA also analyzes each of a user's separate accounts, and enables you to manually combine detected users to ensure that your user analytics are accurate. Events and alarms can thus be enhanced with user data, including user entities and their individual accounts, as either the source user or the destination user.

To incorporate user behavior analytics into your USM Anywhere instance, you must provide information about all users acting in your environment. Each user must be identified by a unique username and account type.

Once users have been identified, there are several tasks that you must complete to ensure that complete and actionable data is being captured and acted upon. This chapter describes these necessary tasks, and covers topics such as user discovery and merging, user scans, user monitoring, and configuration.