UBA content pack summary
When you install the UBA app, content packages that contain UBA-specific rules are also installed. The content packages and the count details are listed.
UBA-specific content packages, which contain rules for sending sense events, are installed as separate extensions. Content packages are installed by default. If you choose to create your own custom rules that send sense events to UBA, you can change the Install and upgrade content packages setting when you configure UBA Settings.
Note: Not all content in each package is unique. The counts for custom rules will not match the
number of rules seen on the Rules and Tuning page. These counts include
building blocks and other helper rules.
Content Pack | Custom Rules | Reference Data | Custom Properties | Property Expressions | QID Records |
---|---|---|---|---|---|
Access and Authentication |
37
42 (UBA 4.1.0) |
15 | 4 | 9 |
22
25 (UBA 4.1.0) |
Accounts and Privileges | 32 | 5 | 2 | 9 | 12 |
Browsing Behavior | 20 | 0 | 2 | 14 | 19 |
Cloud | 16 | 2 | 5 | 6 | 12 |
DNS Analyzer | 5 | 0 | 0 | 0 | 4 |
Domain Controller | 15 | 5 | 13 | 26 | 11 |
Endpoint |
24 (UBA 3.7.0)
22 (UBA 3.8.0) |
7 (UBA 3.7.0)
6 (UBA 3.8.0) |
10
|
17 (UBA 3.7.0)
38 (UBA 3.8.0) |
13 (UBA 3.7.0)
12 (UBA 3.8.0) |
Exfiltration |
24
27 (UBA 4.1.0) |
1 | 3 | 17 |
11
12 (UBA 4.1.0) |
Geography | 12 | 4 | 0 | 0 | 7 |
MaaS360 | 10 | 0 | 0 | 0 | 10 |
Network Traffic |
3 (UBA 3.7.0)
4 (UBA 3.8.0) |
2 |
1 (UBA 3.7.0)
2 (UBA 3.8.0) |
3 (UBA 3.7.0)
8 (UBA 3.8.0) |
3 (UBA 3.7.0)
4 (UBA 3.8.0) |
Threat Intelligence | 19 | 6 | 7 | 17 | 14 |