Log source types relevant to the UBA app
The User Behavior Analytics (UBA) app and the ML app can accept and analyze events from certain log sources.
In general, the UBA
app and the ML app require log
sources that supply a username. For UBA, if there is no username,
enable the Search assets for username, when username is not available for event or flow
data checkbox in UBA Settings so that UBA can
attempt to look up the user from the asset table. If no user can be determined, UBA does not process the
event.
For more details about specific use cases and the corresponding log source types, see Rules and tuning for the UBA app.