Machine Learning Analytics app

The Machine Learning Analytics (ML) app extends the capabilities of your QRadar® system and the QRadar User Behavior Analytics (UBA) app by adding use cases for machine learning analytics. With the machine learning analytics models, you can gain additional insight into user behavior with predictive modeling. The ML app helps your system to learn the expected behavior of the users in your network.

Attention: You must have admin permissions to install the ML app.
Note: For the best experience with Machine Learning, you should consider running the UBA app and the ML app on an App Host. For more information, see App Host.

You should set up the machine learning container to be as large as possible. After you install the ML app, you cannot increase or decrease the container size.

  • It is best to enable Machine Learning Analytics Settings one day after you initially configure the UBA app. This waiting period ensures that the UBA app has sufficient time to create risk profiles for users.
  • The QRadar Console limits the amount of memory that can be used by apps. The ML app installation size options are based on how much memory QRadar currently has for applications.
    • The minimum amount of free memory required to install the ML app is 2 GB. However, 5 GB or higher is recommended.
    • The number of users monitored by the ML app depends on the ML app installation size and the specific Machine Learning analytic. Starting at 5 GB, the maximum number of monitored users by any Machine Learning model is 40,000 per 5 GB up to 220,000 users total. For example, 5 GB would be up to 40,000 users, 15 GB would be up to 120,000 users, and 40 GB would be up to 220,000 users.
  • The installation might fail due to a lack of available memory. This situation can occur if the amount of memory available for applications is decreased because other applications are installed.