Connecting Exabeam UEBA to SecureAuth IdP 9.2
Introduction
Use this guide to connect Exabeam UEBA to SecureAuth IdP in order to enable User Risk Adaptive Authentication analysis.
For more information on configuring Adaptive Authentication, see Adaptive Authentication Tab Configuration.
Exabeam takes existing security-related output from logs and log systems (e.g. Splunk) and analyzes that data for anomalous behavior in a process called Stateful User Tracking. Indicators of anomalous behavior include usage patterns like time of day, location, device, VPN connection, and credentials. Exabeam then assigns the user a Risk Score.
SecureAuth IdP accesses that score via API and then takes action based on the level of threat indicated by that score. The SecureAuth IdP admin can configure score thresholds for High, Medium and Low risk behavior and assign an Action to take for each level.
In SecureAuth IdP version 9.2, a new offering is available from SecureAuth's Prevent Threat Service package. Advanced adaptive capability powered by machine learning tracks and analyzes the login behavior patterns of authorized users for a period of time to identify their normal patterns, and then assigns each user a personal risk score. Bad actors' attempts to impersonate authorized users in order to gain access to the targeted site fail, since a login behavior pattern and risk score are unique to each user. See Machine learning User Risk Score calculations in Adaptive Authentication (version 9.2) and SecureAuth IdP 9.2.0-19 hotfix for machine learning deployment for more information.
Prerequisites
1. Ensure SecureAuth IdP v9.1+ is running
2. Have an existing on-premises installation of Exabeam UEBA
3. Have a Trusted Certificate installed on the Exabeam server