🛡️ UEBA Security System

Enterprise-grade User and Entity Behavior Analytics (UEBA) platform for real-time security monitoring with ML-powered threat detection, automated anomaly detection, and interactive security dashboards.

✨ Key Features

• 🔐 Enterprise Authentication - Multi-user support with role-based access control
• 🤖 Machine Learning - AutoML optimization with 28+ trained models (Random Forest, XGBoost, Neural Networks)
• 📊 Security Dashboards - 4 pre-configured Grafana dashboards (SOC Operations, Threat Intelligence, Executive Summary, ML Analytics)
• ⚡ Real-time Monitoring - Live threat detection and behavioral analytics
• 🐳 Containerized - Docker-based Elasticsearch and Grafana deployment
• 🔄 Auto-healing - Self-monitoring with automated issue resolution

🚀 Quick Start

Prerequisites

• Python 3.13+
• Docker and Docker Compose
• 8GB+ RAM recommended
• Ports 3000 (Grafana) and 9200 (Elasticsearch) available

Installation

# Clone repository
git clone https://github.com/ziyous09/UEBA.git
cd UEBA

# Install dependencies
pip install -r requirements.txt

# Start Docker services
docker-compose up -d

# Launch UEBA system
python ueba_launcher.py

Quick Deployment

# Complete system deployment with validation
python ueba_launcher.py --quick

# Default login credentials
Username: admin
Password: SecureNewPass123!

📊 Access Dashboards

After deployment, access the following services:

• Grafana Dashboards: http://localhost:3000 (admin/admin)
• Elasticsearch API: http://localhost:9200

The system automatically deploys 4 security dashboards:

• 🛡️ SOC Operations Center - Real-time threat monitoring
• 🧠 Security Analytics & ML - Machine learning insights
• 🎯 Threat Intelligence - Attack pattern analysis
• 📋 Executive Security Summary - High-level overview

🎛️ Main Menu Options

The interactive launcher provides 14 options:

Quick Actions:

1. Quick Deploy - Complete system setup
2. System Health Check - Diagnostic testing
3. Fast Security Analysis - Rapid threat assessment

ML & Analytics (Authentication Required): 4. Interactive ML Analysis 5. AutoML Optimization 6. Neural Network Training 7. Advanced ML Detection 8. Generate Sample Data 9. ML Alerting System 10. View Results 11. Real-time ML Monitoring

Authentication: 12. Login/Change Password 13. User Management (Admin only) 14. Logout

🔐 Authentication

Default Accounts

Username	Password	Role	Access
admin	SecureNewPass123!	Administrator	Full access + user management
testuser	TestPass123!	User	ML features only

Security Features:

• SHA256 password hashing
• Role-based access control
• Session management
• Audit logging

🐳 Docker Management

# Start services
docker-compose up -d

# Check status
docker ps

# View logs
docker-compose logs

# Stop services
docker-compose down

# Restart services
docker-compose restart

🔧 Command Line Options

# Interactive launcher
python ueba_launcher.py

# Quick deployment with health checks
python ueba_launcher.py --quick

# Auto-run specific menu option
python ueba_launcher.py --auto 2

# Development mode (no authentication)
python ueba_launcher.py --no-auth

# Background daemon mode
python ueba_launcher.py --daemon

🛠️ System Architecture

UEBA System v3.1
├── ueba_launcher.py          # Main entry point
├── analytics-engine/         # Core ML & security engine
│   ├── auth_system.py
│   ├── quick_deploy_optimized.py
│   ├── automl_optimizer.py
│   ├── advanced_ml_detector.py
│   └── [25+ analytics modules]
├── ml_models/                # 28 trained ML models
├── config/                   # System configuration & user database
└── docs/                     # Documentation

🤖 Machine Learning Capabilities

Supported Algorithms:

• Random Forest - Ensemble learning
• XGBoost - Gradient boosting
• LightGBM - Fast gradient boosting
• SVM - Support vector machines
• Neural Networks - CNN, LSTM, Hybrid architectures

Features:

• Automated model training and selection
• Real-time threat detection
• Behavioral anomaly detection
• Performance tracking and versioning

🚨 Troubleshooting

Port Already in Use

# Check port usage
netstat -tulpn | grep :3000

# Clean up containers
docker-compose down

Container Issues

# Check container status
docker ps -a

# Restart system
docker-compose down && docker-compose up -d

Dashboard Issues

# Recreate dashboards
cd analytics-engine
python grafana_dashboard_provisioner.py --create-all

System Health Check

# Run comprehensive diagnostics
python ueba_launcher.py --auto 2

📚 Documentation

For detailed information, see:

• USER_GUIDE.md - Comprehensive user manual
• DOCKER_INSTALLATION_GUIDE.md - Container setup instructions
• PROJECT_MEMORY.md - AI assistant's project history

🔐 Security Considerations

Production Deployment Checklist:

• Change all default passwords
• Enable HTTPS for web interfaces
• Configure firewall rules
• Implement regular security updates
• Monitor access logs
• Set up backup procedures
• Configure log rotation

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/name)
3. Commit your changes (git commit -m 'Add feature')
4. Push to branch (git push origin feature/name)
5. Open a Pull Request

📞 Support

• GitHub Issues: Report bugs or request features
• Documentation: See comprehensive guides in repository
• Security Issues: Report privately via GitHub security advisories

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

---

🛡️ UEBA v3.1 - Enterprise-Grade Security Analytics
Protecting organizations through intelligent behavior analysis and real-time threat detection