Exabeam applies ML to user and entity behavior analytics (UEBA) and to the automation of threat detection, investigation, and response (TDIR) workflows. These models help security operations teams reduce noise and focus on credible threats through:
- Event correlation: Linking raw, stateless events into a coherent history of user and device activity for faster triage.
- Behavioral modeling: Establishing baselines of normal activity for every user and device using hundreds of behavior-based models.
- Peer grouping analysis: Dynamically assigning peer groups and host roles to improve anomaly detection.
- Threat analytics: Identifying threats such as algorithmically generated malicious domains.
- Risk-prioritized alerts: Adjusting risk scores to reduce false positives and highlight activity that warrants investigation.