Defense & Operations
UEBA (User and Entity Behavior Analytics)
Also known as: User and Entity Behaviour Analytics
Definition
A security analytics approach that profiles normal behaviour of users and entities, then flags statistical deviations that may indicate compromise or insider misuse.
Examples
- A finance user suddenly downloads thousands of records at 03:00 from a new country, triggering a high risk score.
- A service account that normally writes to one database starts enumerating Active Directory and is auto-disabled.
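The first example above, worked as code. This is an added illustration, not part of the original glossary entry and not any vendor's scoring model: the function names, score weights, threshold and the sample sessions for the hypothetical user `fin_alice` are all assumptions made for the example. It builds a per-user baseline from past sessions, then scores a new session on volume deviation (robust z-score over median and MAD), a never-seen country, and an unusual hour.

```python
from collections import defaultdict
from statistics import median

# Constructed history: (user, hour_utc, country, records_downloaded) per session.
HISTORY = [
    ("fin_alice", 9, "DE", 120), ("fin_alice", 10, "DE", 95),
    ("fin_alice", 14, "DE", 150), ("fin_alice", 11, "DE", 110),
    ("fin_alice", 16, "DE", 130), ("fin_alice", 9, "DE", 105),
]

def build_baseline(history):
    """Per-user profile: usual hours, seen countries, median and MAD of volume."""
    by_user = defaultdict(list)
    for user, hour, country, records in history:
        by_user[user].append((hour, country, records))
    baseline = {}
    for user, rows in by_user.items():
        volumes = [r[2] for r in rows]
        med = median(volumes)
        # MAD resists outliers already in the history; avoid dividing by zero.
        mad = median(abs(v - med) for v in volumes) or 1.0
        baseline[user] = {"hours": {r[0] for r in rows},
                          "countries": {r[1] for r in rows},
                          "median": med, "mad": mad}
    return baseline

def risk_score(baseline, event, z_threshold=3.5, hour_slack=3):
    """Return (score 0-100, reasons) for one event against the user's profile."""
    user, hour, country, records = event
    profile = baseline.get(user)
    if profile is None:
        return 50, ["no baseline for user"]  # illustrative weight for unknown entities
    score, reasons = 0, []
    # Robust z-score: 0.6745 scales MAD to roughly one standard deviation.
    z = 0.6745 * (records - profile["median"]) / profile["mad"]
    if z > z_threshold:
        score += 50
        reasons.append(f"volume z={z:.1f}")
    if country not in profile["countries"]:
        score += 30
        reasons.append(f"new country {country}")
    # Circular distance on a 24h clock to the nearest hour seen before.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"])
    if nearest > hour_slack:
        score += 20
        reasons.append(f"unusual hour {hour:02d}:00")
    return score, reasons

BASELINE = build_baseline(HISTORY)
```

Scoring `("fin_alice", 3, "BR", 8000)` against `BASELINE` trips all three signals, while a daytime session from the usual country with a typical volume scores zero.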
Related terms
UBA (User Behavior Analytics)
An analytics technology that establishes baselines of normal user activity and flags anomalies to detect account misuse, insider threats and compromised credentials.
SIEM
A platform that aggregates, normalizes and correlates security telemetry from across the enterprise to enable detection, investigation, compliance and reporting.
SOAR
A platform that automates and orchestrates SOC workflows by chaining detections, enrichments and response actions into playbooks executed across security tools.
EDR (Endpoint Detection and Response)
An endpoint security technology that continuously records process, file, registry and network activity to detect, investigate and respond to threats on hosts.
Behavioral Biometrics
A continuous-authentication technique that profiles unique user behaviors — typing rhythm, mouse movements, gait, or touchscreen gestures — to detect impostors.
Anomaly-Based Detection
A detection approach that builds a baseline of normal activity and flags deviations from it as potentially malicious.