IBM Support

QRadar: Upgrade to UBA 2.4 causes some of the machine learning models to fail

Troubleshooting


Problem

After upgrading UBA to 2.4 from any other version, you might observe some or all of the machine learning models fail.

Cause

In Machine learning 2.4, we use a new Ariel query for getting data from QRadar. In these queries, we have a condition that indicates which users to get data for. When this system was upgraded that new query was registered to Machine Learning's manager, but it was not put into effect. The queries were then getting every user with activity in the Ariel data. This Machine learning installation does not have enough memory to process that many users at once. Once Machine learning's main process (UBA Controller) restarted, it used the new query correctly. This condition can be seen right after an upgrade.

Resolving The Problem

This issue has been resolved in UBA version 2.5. Procedure to resolve this issue.

  1. As an Administrator, click the circle with the Question Mark at the top of the UBA page.


    or from the Admin tab > User Analytics > click Help and Support.
  2. A new page will open with the tab Help and Support.

  3. Scroll to the bottom of the page. There you will see the following options.
    1. App Logs.
      • User Behavior Analytics (UBA).
      • Machine Learning APP (ML).
    2. Administrative Functions.
  4. Under Administrative functions click .

For more information on the UBA App please refer to the IBM Knowledge Center (UBA documentation)



Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"App","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.3.1;7.3;7.2.8","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg22013063

Page Feedback