How UEBA, SOAR, Threat Connect and ESA work together!

Question asked by Md. Mahim Bin Firoj on Oct 9, 2020
Latest reply on Oct 29, 2020 by Md. Mahim Bin Firoj

Some points I need to know: we need to create rules on ESA, and based on those, alerts will be generated. But how will UEBA help ESA? I mean, do we need to look at UEBA for anomalous behavior/deviations and then write rules on the SIEM again to fine-tune the rules, or will UEBA generate alerts separately that we also need to look at? Another thing is, how will UEBA, SOAR and threat intel work together to triage alerts and remove false positives? Can you please explain? I am giving you a scenario as an example. Say some brute force attempt, password cracking, and DDoS attempt is done in our network. Whatever the malicious activity is, our SIEM receives the logs. Now how will ESA rules, UEBA, SOAR and threat intel work together with those logs and give us the best result as an alert on the screen? Please explain it to me. I want to know the step-by-step process. Thanks in advance and sorry for the long question.