Getting Started with NetWitness UEBA

To onboard NetWitness UEBA, existing customers with NetWitness Platform version 11.5.2 or later can share their tenant administrative user details with the NetWitness Sales team. The NetWitness Sales team then onboards the first administrative user from your organization to kick-start the setup process. The administrative user then receives a welcome email that contains the NetWitness Cloud Portal access URL, a user name, and a temporary password. Ensure that you reset the password at the first login.

The following checklist includes the steps to set up and use NetWitness UEBA:

Before you Begin

  1. Ensure that you configure the actual time on the Cloud Link Service (Log Decoder Host). Sync the device Network Time Protocol (NTP) with the NTP service on the admin server. For more information on how to configure NTP servers, see Configure NTP Servers.

  2. The host on which the Cloud Link Service will be installed needs to be connected to Amazon Web Services (AWS). This might require changes to your existing firewall rules. Hosts will need to connect to the IP ranges for the chosen deployment region. For more information on the current list of AWS IPs by region, see AWS IP address ranges.

  3. (Optional) Ensure that you configure the proxy settings from NetWitness Platform version 11.5.3 or later, before installing the Cloud Link Service. For more information, see Configure the proxy for the Cloud Link Service.
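
For the firewall change in step 2, the sketch below is an added example, not NetWitness or AWS code: it filters a document in the layout of AWS's published `ip-ranges.json` by region and merges the result into a minimal egress allow-list. The sample data is constructed from documentation-reserved prefixes, `us-east-1` stands in for your deployment region (the page does not name one), and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json, reduced to the
# keys used here. Prefixes are documentation-reserved, not real AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
        # The same prefix is often listed again under a second service.
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "AMAZON"},
        {"ipv6_prefix": "2001:db8:2000::/40", "region": "eu-west-1", "service": "AMAZON"},
    ],
})

def region_allowlist(doc_text, region, service=None):
    """Return (ipv4, ipv6) network lists for one region, deduplicated and merged.

    The page does not say which AWS services are required, so by default
    every service in the region is included (assumption).
    """
    doc = json.loads(doc_text)
    v4, v6 = [], []
    for key, field, out in (("prefixes", "ip_prefix", v4),
                            ("ipv6_prefixes", "ipv6_prefix", v6)):
        for entry in doc.get(key, []):
            if entry.get("region") != region:
                continue
            if service and entry.get("service") != service:
                continue
            out.append(ipaddress.ip_network(entry[field]))
    # collapse_addresses drops duplicates and joins adjacent blocks, which
    # keeps the firewall rule count as small as the data allows.
    return (list(ipaddress.collapse_addresses(v4)),
            list(ipaddress.collapse_addresses(v6)))

def is_allowed(address, networks):
    """Check whether a destination seen in firewall logs is covered."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks if net.version == addr.version)

if __name__ == "__main__":
    v4, v6 = region_allowlist(SAMPLE_IP_RANGES, "us-east-1")
    for net in v4 + v6:
        print(net)
```

AWS updates the published list over time, so regenerate the allow-list on a schedule and diff it against the rules currently deployed.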

| Check | Task | Navigate To |
|-------|------|-------------|
| [ ] | 1. Understanding NetWitness UEBA | • Welcome to NetWitness UEBA • NetWitness UEBA Use Cases • How NetWitness UEBA Works • About NetWitness UEBA licenses |
| [ ] | 2. Log in to your account and perform the initial set up tasks | • Log in to the NetWitness Cloud Portal • Change NetWitness Cloud Portal Account Password for UEBA • Setup and Manage UEBA Administrators • Enable Multi-factor Authentication for UEBA |
| [ ] | 3. Understanding Cloud Link Service | Cloud Link Service Overview |
| [ ] | 4. Plan your Cloud Link Service installation | Plan your Considerations to Install Cloud Link Service |
| [ ] | 5. Install Cloud Link Service on Decoder (11.5.2 or later) | Install Cloud Link Service |
| [ ] | 6. Download the activation package | Download the Activation Package |
| [ ] | 7. Register the Cloud Link Service | Register the Cloud Link Service |
| [ ] | 8. Verify if the Cloud Link Service is working | Verify if the Cloud Link Service is working |
| [ ] | 9. Enable data transfer from UEBA to NetWitness Platform | Transfer UEBA data to NetWitness Platform |
| [ ] | 10. Monitor Cloud Link Service | Monitor the Health of the Cloud Link Service |
| [ ] | 11. (Optional) Enabling Email and Syslog notifications for Cloud Link Service | Configure Email or Syslog Notifications to Monitor the Service |
| [ ] | 12. Updating the Cloud Link Service automatically | Update the Cloud Link Service automatically |
| [ ] | 13. (Optional) Delete Cloud Link Service if no longer required | Uninstall the Cloud Link Service |
| [ ] | 14. Install NetWitness UEBA (Cloud) with an Existing UEBA (On-premises) | Install NetWitness UEBA (Cloud) with an Existing UEBA (On-premises) |
| [ ] | 15. (Optional) Configure Proxy setting for the Cloud Link Service | Configure the Proxy for Cloud Link Service |

After completing the setup, you can perform several tasks to respond to threats reported by NetWitness UEBA. For more information, see Investigate.
