Log source types relevant to the UEBA app

The User Entity Behavior Analytics (UEBA) app and the ML app can accept and analyze events from certain log sources.

In general, the UEBA app and the ML app require log sources that supply a username. For UEBA, if there is no username, enable the "Search assets for username, when username is not available for event or flow data" checkbox in UEBA Settings so that UEBA can attempt to look up the user from the asset table. If no user can be determined, UEBA does not process the event.

For more details about specific use cases and the corresponding log source types, see Rules and tuning for the UEBA app.