Defined Peer Group

The Defined Peer Group model shows how much a user's event activity deviates from the event activity of their defined peer group.

Enable the Defined Peer Group model to display how much a user's event activity deviates from the event activity of their defined peer group on the User Details page. Users are grouped and analyzed based on the Group by field. If a user’s current behavior is significantly different from the user’s defined group, it is deemed suspicious and a Sense Event is generated to increase the user’s risk score.

Important: You must have a minimum of two defined groups that each contains 5 or more users. If you change the group selection, a new model needs to be constructed. A significant amount of time and computer resources are required to complete the model creation. It is not recommended to change this value frequently.

Event name

UBA : Deviation from define peer group

sensevalue

5

Required configuration

Select a group from the group by field, such as job title, department, or custom group in order to enable the model. Groups are defined in the user import tuning configuration originating from the user import data. For more information, see Tuning user import configurations.

You must have 7 days of event data available for the analytic to generate a model.

Log source types

Any log source with events that provide a username.