Help and support page for UBA

The User Behavior Analytics (UBA) app includes a Help and Support section for using the UBA app and the Machine Learning Analytics (ML) app.

Accessing the Help and Support page for UBA

The Help and Support page provides links to documentation, education, log files, and administrative functions. You must have QRadar® administrator privileges to view log files and complete administrative functions from the Help and support page.

After you install the UBA app, you can access the Help and Support page from the following locations:
  • From the Admin Settings, click Apps > User Analytics > Help and Support.
    Help and Support page icon
  • From the User Analytics tab, click the Help and Support icon.
    Help and Support page button

Administrative functions

You must have QRadar administrator privileges to view log files and complete administrative functions.

Administrative functions include the ability to complete the following actions:
  • Click Clear UBA Data to remove all UBA user data but maintain all of your current UBA configuration settings. Clearing UBA data makes the UBA app behave as if you just installed and configured the UBA Settings. If the Machine Learning (ML) app is installed, the Clear UBA Data button also resets the ML app.
    Note: When you click Clear UBA Data to remove all users from the UBA database, it is possible for some or all of the users to immediately appear in the UBA database if those users have received a QRadar event within the last hour that has a senseValue score associated with it.
  • Click Remove event users to remove users that were discovered through events. You can click the number link to go to the search page that shows the list of users that will be deleted. After confirming the user removal, the count on the overview page under Users discovered from events should decrease to zero. Users that were imported are not affected and will not be removed. Tip: You should enable the Monitor imported users only option on the UBA Settings page before removing event users if you don't want to discover users from events again. Note: If there are no event users, this option will be hidden.
  • Click Remove users without aliases to delete the user record from the database.
    Important: This option only appears if there are users without aliases in your database.
  • Click Reset ML Settings if the ML app is installed and you want to reset all of your Machine Learning settings and disable all of the analytics that are enabled.