To catch malicious and compromised insiders, you can’t wait around for an unambiguous smoking gun to materialize in your SIEM. You must actively engage in threat hunting and leverage user and entity behavior analytics (UEBA) to identify anomalies in your log data.
In this training, we will dive into UEBA and show you:
- What 25 behaviors indicate compromise or malice
- What you can do with most SIEMs and what requires a UEBA solution
- How to enrich event data with identity information from AD and HR