UEBA header image

Detect unknown and insider threats with user and
entity behavior analytics.

Advanced attacks and pervasive threats to your organization often rely on compromised credentials or coercing users into performing actions that damage enterprise security. To identify such attacks, you need a robust solution that allows analysts to determine normal versus abnormal activity on your network quickly.

Logpoint UEBA enhances the investigation of unusual patterns in user behavior while reducing time spent on threat hunting. Mitigate risk, damage, and data loss by detecting advanced attacks early.

Contact Logpoint

Contact us and learn why
industry-leading companies
choose Logpoint:

Contact Logpoint

Improve security operations with automated threat detection

User and entity behavior analytics (UEBA) helps security analysts easily discover suspicious behavior and detect security incidents that other solutions leave unnoticed.

Using advanced machine learning, UEBA builds baselines for normal behavior for every user, peer group, and entity in the network instead of applying predefined rules for standard behavior. By evaluating activity differing from these baselines, UEBA detects abnormal and risky behaviors that are not immediately obvious. It sets risk scores for users and machines and compares use behavior to their peers.

Logpoint UEBA calculates risk scores in a set 0-100 range instead of a variable scale, making it easy for security analysts to prioritize. The closer the score is to 100, the riskier the behavior is.

UEBA provides more tailored detection to each selected user and entity so analysts can spot, prioritize, and manage anomalies easier. It empowers your analysts by significantly speeding up the threat hunting and response time, reducing alert fatigue, and driving them to focus on managing threats requiring attention.

Read in more detail how UEBA works here

Why Logpoint UEBA?


Our SIEM-SOAR and UEBA are built on the Logpoint taxonomy, so no changes are required in your infrastructure to correspond data and provide events for UEBA analysis.



Get UEBA up-and-running within Logpoint from day one, without any time-consuming or expensive integrations. There is no need to tune and tweak static detection rules.

data transfer

Encrypted data transfer

For your security, sensitive data is encrypted before it leaves the network. The encryption key stays within your network and no clear-text data leaves your infrastructure.

Watch our webinar

Get insights on frequently asked questions about adding Logpoint UEBA to SIEM.

We discussed topics such as:

  • The value that UEBA will bring to your current IT setup and infrastructure

  • The pain points that a machine learning UEBA solution will address in your organization

  • How easy is it to use and integrate with SIEM

  • UEBA mapping anomalies in the MITRE ATT&CK framework

The power of UEBA and SIEM-SOAR to strengthen
your security posture

Logpoint products work together to create the best insights. UEBA is a complementary tool, available on top of Logpoint SIEM, using advanced algorithms to extend the capabilities of the Logpoint SIEM-SOAR solution and maximize the value of your data.

infographic UEBA&SIEM&SOAR

Enriching your SIEM data

Correlating the data from UEBA with SIEM events makes the original events more insightful than ever. The original log data can be enriched using the information from UEBA’s machine learning technology, enabling you to discover suspicious user behavior. Incidents can be visualized using dashboards and search templates for faster threat hunting.

Saving your valuable time in threat hunting

A UEBA-enhanced SIEM solution frees up time spent on eliminating false positives and cuts the detection and response time down significantly. Additionally, setting up automated responses with the assistance of SOAR makes this even more efficient. Empower your SOC team to work smarter and focus on threats that matter.

Immediately spot insider threats

Discover abnormal behavior quickly and efficiently across your network—no need to create complicated, predefined rules to alert suspicious behavior. Every individual has different habits, so creating a long list of what is permitted would be time-consuming and difficult, especially if employing hundreds of people worldwide.

Insider threats can best be detected using detection capabilities against other users and entities in the network. If someone behaves way outside the organizational norm, it suggests abnormal behavior and should be investigated.


Malicious Insiders

Probably the best known and most publicized category of insider threats. These are typically entities who take advantage of their privileged access to the organization’s resources to inflict some form of harm on the organization.

Negligent Insiders

Entities who fail to practice security, follow regulations and standards, etc. Often, these are unknowing, for example, if the company’s security policies have not been articulated.



Actors that are, in practice, outsiders, who intentionally gain insider access – often temporarily – to achieve their objectives.

External threats can be detected by users and entities behavioral patterns. If an account is compromised or an adversary has accessed a server, the chances are that the behavior will differ if another actor is behind the activities.


Compromised Accounts

Compromised accounts are outsiders who have gained access to an insider’s account.

Advanced Persistent Threats

An adversary gains unauthorized access to a computer network and remains undetected for an extended period.

In UEBA, the MITRE ATT&CK framework is used to show the types of anomalies found. Some of the most common threats that UEBA excels at tackling from MITRE ATT&CK include:

Initial Access

Detecting and stopping adversaries from getting into your network and obtaining continued access to an insider account.

Lateral Movement

Detecting if adversaries are attempting to gain access into your and move across the network to get additional access to systems and accounts.


Detecting attempts to keep access to systems even when doing system restart or changing credentials.

Command & Control

Detecting and stopping adversaries from taking control of your network by mimicking common behavior in the network with the intent to take control of your systems.


Detecting if someone is trying to steal data from your network.

Mitre ATT&CK info

Test the benefits of Logpoint’s SIEM,
UEBA & SOAR solution

To learn more about the benefits of our SIEM, UEBA & SOAR product
and different download options, book a personal demo.

Book a demo

Trusted by Thousands. Guarding Millions.