I have specific requirement to monitor for Privileged accounts and the list is not a static. How I can input a specific set of user's starting with say like, a-XXX, c-XXX. ( xxx = username ) and monitor only those user's activity in dashboard.
Alternately Do we have a method to bulk add user to watch-list.
Answer by Matthew Ouellette (IBM) (1075) | Jul 07, 2017 at 08:55 AM
Right now we don't but it is on the UBA roadmap. We are looking at adding the capability to:
Multiple watchlists
Ability to create watchlists from LDAP filters/groups
Ability to upload csv file/list to create watchlist
These are future items and out a few quarters likely, but is this in line with what you want to do?