Threat hunting with UBA
Process logs from across your environment: Collect and process logs from configured domain controllers (DCs), member servers, and workstations.
Identify a safe baseline: Processed log data is used to create a user-specific baseline of normal logon, file, user management, and process activities.
Identify anomalies and alert admins: Incoming log data is compared against the processed baselines to detect anomalies and notify admins, so they can investigate further.
Detect potential security threats: Quickly spot potential cases of malicious logons, privilege abuse, privilege escalations, data exfiltration, malware attacks, and more.
Automate incident responses: Reduce the time it takes to mitigate damage by instantly shutting down devices, terminating user sessions, and more, depending on the security incident.
www.adauditplus.com