QRadar: UBA Machine Learning Module reports that "0 of 31 days of data processed analytics is not yet active".

Troubleshooting

Problem

QRadar administrators recently set-up User Behavior Analytics (UBA) with Machine Learning capabilities, yet they are having issues with data activated in UBA.

Resolving The Problem

After installing UBA with Machine Learning Analytics Module in QRadar, three requirements need to be satisfied: (1) User Activity, (2) Time-of-Day/Category Activity Analytic, and (3) Risk Posture. The first two models require "7 days of data processed" to be satisfied. Of the three Machine Learning Models, Risk Posture might still be incomplete. Machine Learning Analytics after ingesting data for 7 days, will still report “0 of 31 days of data processed Analytic is not yet active.”

This is happening because UBA looks at past logs to build its model. It takes about 2 hours to ingest the 7 days of data and build an initial model. The Risk Posture model, uses the last 4 weeks of data. Then going forward we use a 4-week duration moving average to do a 7-day model hour by hour.

For more information on how the Machine Learning Analytics APP works, please visit the following article in IBM Knowledge Center:

Machine Learning Analytics app

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"App","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: UBA Machine Learning Module reports that "0 of 31 days of data processed analytics is not yet active".

Troubleshooting

Problem

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?