I don't understand the ability to connect UEBA to multiple data sources.


Hello,

I have connected UEBA in my environment, but I don't understand what connecting the log sources of Audit Logs, Azure Activity, Security Events and Login Logs offers.

According to UEBA, it collects alert information from other connectors such as Microsoft Defender for Endpoint, bookmarks or activities to generate these user behaviour profiles, so I don't understand why I should connect the aforementioned data sources.

Where can you see that added value?

Regards.

0 Replies