Rules and tuning for the UEBA app
The IBM® QRadar® User Entity Behavior Analytics (UEBA) app supports use cases based on rules for certain behavioral anomalies.
The User Entity Behavior Analytics (UEBA) app includes use cases that
are based on custom rules. These rules are used to generate data for the UEBA app dashboard. You can view,
filter, and tune rules within the IBM
QRadar Use Case Manager app. For information
about integrating QRadar
content, see Integrating new or existing QRadar content with the UEBA app.
Restriction: Do not customize your rules to use the UEBA and Machine
Learning reference sets.
Attempting to use the reference sets in custom rules can lead to failures within the UEBA app. For more information, see
Reference sets.
For more information about working with rules in QRadar Use Case Manager, see QRadar Use Case Manager app.
For more information about working with rules in QRadar, see Rules.
For more information about enabling Machine Learning user models, see Machine Learning user models.