UEBA Observables

Admins can now identify and control users performing bulk activities, such as modifying, downloading, deleting, and sharing/changing files, for data at rest.

You can access the UEBA Observables page under the Protect > Objects section. The UEBA Observables page displays four pre-defined static observables. All of the pre-defined observables apply to Google applications, and Google Audit Reporting should be enabled for Google Drive API scanning. Refer to Google Workspace: Configuring API access.



You can click the Observable name to view the configured values for the Observable, such as Observable ID, Observable Name, Model Name, Source, App, Baseline, Sensitivity and Cadence of Evaluation. All these values remain static.



The UEBA engine takes 30 days to derive baselines and determine anomalous activities. Corporate Admins can generate artificial baselines on an as-needed basis. Contact your Forcepoint ONE SSE administrator for more information.