OpenUBA is an open-source, flexible User & Entity Behavior Analytics framework designed to provide transparent and community-driven security analytics through customizable models.
A robust and flexible open-source User & Entity Behavior Analytics (UEBA) framework used for security analytics. Developed with luv by data scientists and security analysts from the cyber security industry. [PRE-ALPHA]
OpenUBA is used by security analysts and data scientists to detect anomalous user and entity behaviors within an organization’s security data, enhancing threat hunting and security automation efforts. It is ideal for teams seeking an open, transparent UEBA solution that allows inspection and customization of underlying models to improve incident response and compliance.
This project is in a pre-alpha state and actively evolving; users should expect ongoing changes and are encouraged to contribute feedback. Transparency of models is a key design principle, making it suitable for analysts interested in the inner workings of UEBA models. Docker support facilitates deployment, but detailed CLI commands or usage examples are not provided in the current documentation.
Clone the repository from https://github.com/GACWR/OpenUBA
Review the white paper for architectural understanding at https://github.com/GACWR/ouba-paper
Use Docker to deploy the server: pull the gacwr/openuba-server image from Docker Hub
Run the Docker container for the OpenUBA server
Follow further setup instructions in the repository for configuring models and data inputs