UEBA: tables missing in azure sentinel logs

Hi all,

so I noticed that cross different tenants the amount of UEBA tables in Azure sentinel are not the same.

I assume that you normally have 4 tables:

- BehaviorAnalytics

- IdentityInfo

- UserAccessAnalytics

- UserPeerAnalytics

This is wat i encountered in on 2 different tenants with the same settings:

For some reason on an other tenant the identityinfo table is missing.

I have checked the entity behavior settings and all 4 of data sources are enabled.

Any idea's?

Kind Regards

Louis

Forum Discussion