Behavioral detection use cases
editBehavioral detection use cases
editBehavioral detection identifies potential internal and external threats based on user and host activity. It uses a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment.
The behavioral detection feature is built on Elastic Security’s foundational SIEM detection capabilities, leveraging machine learning algorithms to enable proactive threat detection and hunting.
Elastic integrations for behavioral detection use cases
editBehavioral detection integrations provide a convenient way to enable behavioral detection capabilities. They streamline the deployment of components that implement behavioral detection, such as data ingestion, transforms, rules, machine learning jobs, and scripts.
Requirements
- Behavioral detection integrations require the Security Analytics Complete project feature.
- To learn more about the requirements for using machine learning jobs, refer to Machine learning job and rule requirements.
Here’s a list of integrations for various behavioral detection use cases:
To learn more about machine learning jobs enabled by these integrations, refer to Prebuilt job reference.