UEBA content pack summary
When you install the UEBA app, content packages that contain UEBA-specific rules are also installed. The content packages and the count details are listed.
UEBA-specific content packages, which contain rules for sending sense events, are installed as separate extensions. Content packages are installed by default. If you choose to create your own custom rules that send sense events to UEBA, you can change the Install and upgrade content packages setting when you configure UEBA Settings.
Note: Not all content in each package is unique. The counts for custom rules will not match the
number of rules seen on the Rules and Tuning page. These counts include
building blocks and other helper rules.
| Content Pack | Custom Rules | Reference Data | Custom Properties | Property Expressions | QID Records |
|---|---|---|---|---|---|
| Access and Authentication |
37
42 (UEBA 4.1.0) |
15 | 4 | 9 |
22
25 (UBA 4.1.0) |
| Accounts and Privileges | 32 | 5 | 2 | 9 | 12 |
| Browsing Behavior | 20 | 0 | 2 | 14 | 19 |
| Cloud | 16 | 2 | 5 | 6 | 12 |
| DNS Analyzer | 5 | 0 | 0 | 0 | 4 |
| Domain Controller | 15 | 5 | 13 | 26 | 11 |
| Endpoint |
24 (UEBA 3.7.0)
22 (UEBA 3.8.0) |
7 (UEBA 3.7.0)
6 (UEBA 3.8.0) |
10
|
17 (UEBA 3.7.0)
38 (UEBA 3.8.0) |
13 (UBA 3.7.0)
12 (UBA 3.8.0) |
| Exfiltration |
24
27 (UEBA 4.1.0) |
1 | 3 | 17 |
11
12 (UBA 4.1.0) |
| Geography | 12 | 4 | 0 | 0 | 7 |
| MaaS360 | 10 | 0 | 0 | 0 | 10 |
| Network Traffic |
3 (UEBA 3.7.0)
4 (UEBA 3.8.0) |
2 |
1 (UEBA 3.7.0)
2 (UEBA 3.8.0) |
3 (UEBA 3.7.0)
8 (UEBA 3.8.0) |
3 (UBA 3.7.0)
4 (UBA 3.8.0) |
| Threat Intelligence | 19 | 6 | 7 | 17 | 14 |