UBA for Bulk Upload

nduda
Contributor

How are other customers tuning the UBA Bulk Upload (and Download)? These 2 policies seem to be the noisiest and have the most "false positives". There is no way that I can tell to have an exception for specific apps. For example, the Brave sync applications. This local app is constantly uploading small data about its browser (for sync purposes). I would love to exempt that from the Bulk Upload UBA policy.

2 Replies
sshiflett
Netskope

Hello @nduda,


Does the sync use the same process or URL as other services such as the Brave browser itself? If it's unique or a unique URL, perhaps you could bypass that particular traffic from steering or SSL inspection so we don't see the repeated uploads. If this is interesting traffic that you would still like to inspect, I've passed this thread along to some of our internal UEBA experts to see what guidance they may have. I will reply back once I've got some additional insight.


Sam Shiflett
Netskope Solution Architect - North America
sshiflett
Netskope

@nduda R106 introduces an option to exclude particular apps from UEBA policies, which should match your exact use case. Hopefully this helps!


Support App Exclusion In Application Filter
UEBA supports a setting for excluding applications for predefined and custom UEBA policies. This allows selection of specific applications to exclude from evaluation for predefined and custom UEBA policies.

 

 

Source: https://docs.netskope.com/en/new-features-and-enhancements-in-release-106-0-0.html#UUID-0e76fad6-9d3...


Sam Shiflett
Netskope Solution Architect - North America