Azure Sentinel UEBA Tables: Answer to SC-200 Exam Question

UEBA Tables in Azure Sentinel

Question

Which of the following are tables that are created by the UEBA engine in Azure Sentinel?

Answers

Explanations


A. B. C. D. E.

Correct Answers: A, B and C.

Options A, B and C are correct.

Behavior, peer and analytics tables are created by UEBA for enrichment.

Options D and E are incorrect.

These tables don't exist.


The UEBA (User and Entity Behavior Analytics) engine in Azure Sentinel is responsible for detecting anomalous behavior of users and entities within an organization's environment. It generates various tables that contain data on user and entity behavior that can be used for threat detection and investigation.

The tables created by the UEBA engine in Azure Sentinel are:

A. User Access Analytics: This table contains information on user access to different resources within the organization's environment, such as files, applications, and services. It includes details such as the time of access, the user's identity, the resource accessed, and the outcome of the access attempt (e.g., success or failure).

B. Behavior Analytics: This table contains data on the behavior of users and entities within the organization's environment, such as login activity, resource usage, and network traffic. It uses machine learning algorithms to identify patterns of behavior that may be indicative of a security threat.

C. User Peer Analytics: This table contains information on the relationships between users within the organization's environment. It can be used to identify potential insider threats, such as users who are collaborating with others to steal data or commit fraud.

D. User Access Anomalies: This table contains data on access attempts that are deemed anomalous by the UEBA engine. It includes details such as the time of access, the user's identity, the resource accessed, and the type of anomaly detected (e.g., access from an unusual location or at an unusual time).

E. Identity Details: This table contains information on the identities of users and entities within the organization's environment. It includes details such as their name, email address, and group membership.

In summary, the tables created by the UEBA engine in Azure Sentinel provide valuable data for detecting and investigating security threats within an organization's environment. These tables can be used by security analysts to gain insights into user and entity behavior and to identify potential security risks.