[OOTB] UEBA package - ENG
<html lang="en">
<body>
  
  <p>
  Beta version.<br>
  The package is designed to detect abnormal behavior of an account or host in a corporate network. It builds adaptive models of normal behavior based on accumulated historical data (data collection lasts for a month; the period can be modified). These models are used to calculate statistical indicators that minimize false positives and effectively detect potentially suspicious deviations.<br>
  Data sources: Windows OS events, NetFlow, Cisco, Solar Proxy.<br>
  Notes:
		<ul>
			<li>Collection rules can be adapted to specific information security tools and event sources.</li>
			<li>For maximum efficiency of the package, enrichment of events with DNS data is recommended.</li>
			<li>The rules may affect correlator performance.</li>
			<li>It is recommended to use these rules on KUMA version 4.0 or higher.</li>
		</ul>
  </p>

</body>
</html>