Skip to main content
Version: 5.0

UBA Installation and Initialization

Prerequisites

The following files are required for installation:

  • Archive with the sm-uba module files for OpenSearch
  • Archive with the smartMonitorUserBehaviorAnalytics module files for OpenSearch Dashboards

Installation Process

Installation on OpenSearch servers is performed using the following command:

sudo -u opensearch $OPENSEARCH_HOME/bin/opensearch-plugin install file://<path to the module archive>

Installation on OpenSearch Dashboards servers is performed using the following command:

sudo -u opensearch $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-plugin install file://<path to the module archive>

Adding the uba.sme.pass parameter to the OpenSearch keystore:

warning

When executing the command, use the password of the user on whose behalf requests will be made to SME.

sudo -u opensearch $OPENSEARCH_HOME/bin/opensearch-keystore add uba.sme.pass

After installing the module, perform the actions listed in the articles OpenSearch Dashboards and OpenSearch.

Initialization

To initialize the module, go to Settings - Management - UBA - Update:

Initialization Page

Integration with SME

In the User parameter, enter the account name whose password was entered in the OpenSearch keystore during the Installation process.

note

The Password parameter is non-editable and managed through the OpenSearch keystore.

Node Filtering

By default, profiling policy tasks, scoring calculations, and object population will be launched on all servers with the UBA module installed. Filters allow you to regulate the set of nodes used for launching tasks.

The following filter types are available:

  • Include – at least one of the conditions must be satisfied
  • Exclude – none of the conditions can be satisfied
  • Require – all conditions must be satisfied

The following attribute types are available:

  • Node name
  • Host IP address
  • Public IP address of the host
  • IP address
  • Host Name
  • Node ID
  • Own attribute

The Value field contains the node parameter.

note

When using a custom attribute, a field will appear for specifying its name:

Custom Attribute

After clicking the Initialize button, you will be prompted with a warning about adding system scoring types. If there are no objections, click the Accept button:

Modal Confirmation

Adding a Section to the Main Menu

To add the module component to the menu, go to the Main Menu - Settings - Module Settings - Menu Settings - JSON Structure section. Add the JSON dictionary below to the data list.

Menu User Behavior Analytics
{
   "itemType":"module",
   "name":"user-behavior-analytics",
   "show":true,
   "id":"9f9a7da3-1aa4-48e3-a40e-20480bdf2ceb",
   "title":"User Behavior Analytics",
   "sections":[
      {
         "itemType":"page",
         "name":"policies",
         "show":true,
         "id":"45b72fdf-9741-4e77-9f49-97753713d4ca",
         "title":"Calculation Policies",
         "enabled":true
      },
      {
         "itemType":"page",
         "name":"object-list",
         "show":false,
         "id":"5c9f64d7-b1c3-4806-8bc6-fe029c218106",
         "title":"Objects",
         "enabled":true
      },
      {
         "itemType":"page",
         "name":"configuration-list",
         "show":false,
         "id":"72b45bd6-8f1f-4c82-8e05-29f5a1b358ab",
         "title":"Configurations",
         "enabled":true
      },
      {
         "itemType":"page",
         "name":"scoring-calculations",
         "show":true,
         "id":"f8b499be-b18a-4265-bbc1-1675bf6dfaa5",
         "title":"Scoring Calculation Rules",
         "enabled":true
      }
   ],
   "enabled":true
}